Vulnerabilities > Hashicorp

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2020-10-22 | CVE-2020-27195 | Unspecified vulnerability in Hashicorp Nomad | HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. | network, low complexity, hashicorp | 6.4 |
| 2020-09-30 | CVE-2020-25816 | Unspecified vulnerability in Hashicorp Vault | HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. | network, hashicorp | 4.9 |
| 2020-08-26 | CVE-2020-16251 | Improper Authentication vulnerability in Hashicorp Vault | HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. | network, low complexity, hashicorp, CWE-287 | 8.2 |
| 2020-08-26 | CVE-2020-16250 | Authentication Bypass by Spoofing vulnerability in Hashicorp Vault | HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. | network, low complexity, hashicorp, CWE-290 | 8.2 |
| 2020-08-20 | CVE-2020-24359 | Improper Input Validation vulnerability in Hashicorp Vault-Ssh-Helper | HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. | network, low complexity, hashicorp, CWE-20 | 5.0 |
| 2020-07-30 | CVE-2020-15511 | Improper Input Validation vulnerability in Hashicorp Terraform Enterprise | HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. | network, low complexity, hashicorp, CWE-20 | 5.0 |
| 2020-06-11 | CVE-2020-13250 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hashicorp Consul | HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. | network, low complexity, hashicorp, CWE-119 | 5.0 |
| 2020-06-11 | CVE-2020-13170 | Improper Input Validation vulnerability in Hashicorp Consul | HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. | network, low complexity, hashicorp, CWE-20 | 5.0 |
| 2020-06-11 | CVE-2020-12797 | Incorrect Permission Assignment for Critical Resource vulnerability in Hashicorp Consul | HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. | network, low complexity, hashicorp, CWE-732 | 5.0 |
| 2020-06-11 | CVE-2020-12758 | Improper Resource Shutdown or Release vulnerability in Hashicorp Consul | HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. | network, low complexity, hashicorp, CWE-404 | 5.0 |