Vulnerabilities > Hashicorp
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-26 | CVE-2020-16250 | Authentication Bypass by Spoofing vulnerability in Hashicorp Vault. HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. | 8.2 |
2020-08-20 | CVE-2020-24359 | Improper Input Validation vulnerability in Hashicorp Vault-Ssh-Helper. HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. | 5.0 |
2020-07-30 | CVE-2020-15511 | Improper Input Validation vulnerability in Hashicorp Terraform Enterprise. HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. | 5.0 |
2020-06-11 | CVE-2020-13250 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hashicorp Consul. HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. | 5.0 |
2020-06-11 | CVE-2020-13170 | Improper Input Validation vulnerability in Hashicorp Consul. HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. | 5.0 |
2020-06-11 | CVE-2020-12797 | Incorrect Permission Assignment for Critical Resource vulnerability in Hashicorp Consul. HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. | 5.0 |
2020-06-11 | CVE-2020-12758 | Improper Resource Shutdown or Release vulnerability in Hashicorp Consul. HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. | 5.0 |
2020-06-10 | CVE-2020-13223 | Information Exposure Through Log Files vulnerability in Hashicorp Vault. HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. | 5.0 |
2020-06-10 | CVE-2020-12757 | Improper Privilege Management vulnerability in Hashicorp Vault 1.4.0/1.4.1/1.4.2. HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. | 7.5 |
2020-04-28 | CVE-2020-10944 | Cross-site Scripting vulnerability in Hashicorp Nomad. HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. | 3.5 |