Hashicorp vulnerabilities

| Date | CVE | Vulnerability title | Description | Risk |
| --- | --- | --- | --- | --- |
| 2020-12-17 | CVE-2020-35453 | Improper Input Validation vulnerability in Hashicorp Vault | HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. | network, low complexity, hashicorp, CWE-20, 5.0 |
| 2020-12-17 | CVE-2020-35177 | Information Exposure vulnerability in Hashicorp Vault | HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. | network, low complexity, hashicorp, CWE-200, 5.0 |
| 2020-12-17 | CVE-2020-35192 | Missing Authentication for Critical Function vulnerability in Hashicorp Vault | The official vault docker images before 0.11.6 contain a blank password for a root user. | network, low complexity, hashicorp, CWE-306, critical, 10.0 |
| 2020-12-08 | CVE-2020-29564 | Unspecified vulnerability in Hashicorp Consul Docker Image | The official Consul Docker images 0.7.1 through 1.4.2 contain a blank password for a root user. | network, low complexity, hashicorp, critical, 10.0 |
| 2020-12-03 | CVE-2020-29529 | Path Traversal vulnerability in Hashicorp Go-Slug | HashiCorp go-slug up to 0.4.3 did not fully protect against Zip Slip attacks while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. | network, low complexity, hashicorp, CWE-22, 5.0 |
| 2020-11-24 | CVE-2020-28348 | Path Traversal vulnerability in Hashicorp Nomad | HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. | network, hashicorp, CWE-22, 6.3 |
| 2020-11-23 | CVE-2020-28053 | Incorrect Permission Assignment for Critical Resource vulnerability in Hashicorp Consul | HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. | network, low complexity, hashicorp, CWE-732, 4.0 |
| 2020-11-04 | CVE-2020-25201 | Excessive Iteration vulnerability in Hashicorp Consul | HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. | network, low complexity, hashicorp, CWE-834, 5.0 |
| 2020-10-22 | CVE-2020-27195 | Unspecified vulnerability in Hashicorp Nomad | HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. | network, low complexity, hashicorp, 6.4 |
| 2020-09-30 | CVE-2020-25816 | Unspecified vulnerability in Hashicorp Vault | HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. | network, low complexity, hashicorp, 7.5 |