Vulnerabilities > Hashicorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-23 | CVE-2020-7220 | Information Exposure vulnerability in Hashicorp Vault HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. | 4.3 |
| 2019-12-02 | CVE-2019-19316 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hashicorp Terraform When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP. | 4.3 |
| 2019-08-12 | CVE-2019-12618 | Improper Privilege Management vulnerability in Hashicorp Nomad 0.9.0/0.9.1 HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver. | 10.0 |
| 2019-06-06 | CVE-2019-12291 | Unspecified vulnerability in Hashicorp Consul HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. | 6.4 |
| 2019-03-26 | CVE-2019-9764 | Origin Validation Error vulnerability in Hashicorp Consul 1.4.3 HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. | 5.8 |
| 2019-03-05 | CVE-2019-8336 | Unspecified vulnerability in Hashicorp Consul 1.4.0/1.4.1/1.4.2 HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "<hidden>" as its secret is used in unusual circumstances. network hashicorp | 6.8 |
| 2018-12-09 | CVE-2018-19653 | Cryptographic Issues vulnerability in Hashicorp Consul HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. | 5.9 |
| 2018-12-05 | CVE-2018-19786 | Information Exposure Through Log Files vulnerability in Hashicorp Vault HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported. | 4.3 |
| 2018-08-25 | CVE-2018-15869 | Incorrect Permission Assignment for Critical Resource vulnerability in Hashicorp Packer An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog. | 5.0 |
| 2018-03-29 | CVE-2017-16873 | Unspecified vulnerability in Hashicorp Vagrant VMWare Fusion It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 through 5.0.4 in order to escalate to root privileges. | 7.2 |