Vulnerabilities > Hashicorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-31 | CVE-2020-7218 | Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Nomad HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. | 7.5 |
| 2020-01-23 | CVE-2020-7220 | Improper Resource Shutdown or Release vulnerability in Hashicorp Vault HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. | 7.5 |
| 2019-12-02 | CVE-2019-19316 | Cleartext Transmission of Sensitive Information vulnerability in Hashicorp Terraform When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP. | 7.5 |
| 2019-08-12 | CVE-2019-12618 | Improper Privilege Management vulnerability in Hashicorp Nomad 0.9.0/0.9.1 HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver. | 9.8 |
| 2019-06-06 | CVE-2019-12291 | Unspecified vulnerability in Hashicorp Consul HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. | 7.5 |
| 2019-03-26 | CVE-2019-9764 | Origin Validation Error vulnerability in Hashicorp Consul 1.4.3 HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. | 7.4 |
| 2019-03-05 | CVE-2019-8336 | Unspecified vulnerability in Hashicorp Consul 1.4.0/1.4.1/1.4.2 HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "<hidden>" as its secret is used in unusual circumstances. | 8.1 |
| 2018-12-09 | CVE-2018-19653 | Cryptographic Issues vulnerability in Hashicorp Consul HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. | 5.9 |
| 2018-12-05 | CVE-2018-19786 | Information Exposure Through Log Files vulnerability in Hashicorp Vault HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported. | 8.1 |
| 2018-08-25 | CVE-2018-15869 | Incorrect Permission Assignment for Critical Resource vulnerability in Hashicorp Packer An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog. | 5.3 |