Vulnerabilities > Hashicorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-15 | CVE-2023-4680 | Improper Input Validation vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. | 6.8 |
| 2023-09-08 | CVE-2023-4782 | Path Traversal vulnerability in Hashicorp Terraform Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. | 7.8 |
| 2023-08-09 | CVE-2023-3518 | Unspecified vulnerability in Hashicorp Consul 1.16.0 HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. | 7.3 |
| 2023-07-31 | CVE-2023-3462 | Information Exposure Through Discrepancy vulnerability in Hashicorp Vault 1.13.0/1.13.4/1.14.0 HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. | 5.3 |
| 2023-07-28 | CVE-2023-3774 | Improper Handling of Exceptional Conditions vulnerability in Hashicorp Vault 1.12.8/1.13.4/1.14.0 An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. | 4.9 |
| 2023-07-20 | CVE-2023-3072 | Missing Authorization vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. | 3.8 |
| 2023-07-20 | CVE-2023-3299 | Exposure of Resource to Wrong Sphere vulnerability in Hashicorp Nomad HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. | 2.7 |
| 2023-07-20 | CVE-2023-3300 | Missing Authorization vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. | 5.3 |
| 2023-06-22 | CVE-2023-3114 | Incorrect Authorization vulnerability in Hashicorp Terraform Enterprise Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. | 7.7 |
| 2023-06-09 | CVE-2023-2121 | Cross-site Scripting vulnerability in Hashicorp Vault Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. | 5.4 |