Vulnerabilities > Hashicorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-02 | CVE-2023-2816 | Unspecified vulnerability in Hashicorp Consul 1.15.0 Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies. | 6.5 |
| 2023-05-01 | CVE-2023-2197 | Inadequate Encryption Strength vulnerability in Hashicorp Vault HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. | 2.5 |
| 2023-03-30 | CVE-2023-0620 | SQL Injection vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. | 6.7 |
| 2023-03-30 | CVE-2023-0665 | Unspecified vulnerability in Hashicorp Vault HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. | 6.5 |
| 2023-03-30 | CVE-2023-25000 | Information Exposure Through Discrepancy vulnerability in Hashicorp Vault HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. | 4.7 |
| 2023-03-14 | CVE-2023-1296 | Missing Authorization vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. | 5.3 |
| 2023-03-14 | CVE-2023-1299 | Unspecified vulnerability in Hashicorp Nomad 1.5.0 HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. | 8.8 |
| 2023-03-11 | CVE-2023-24999 | Incorrect Authorization vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. | 8.1 |
| 2023-03-09 | CVE-2023-0845 | NULL Pointer Dereference vulnerability in Hashicorp Consul Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. | 6.5 |
| 2023-02-16 | CVE-2023-0821 | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. | 6.5 |