Vulnerabilities > Hashicorp
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-25 | CVE-2022-26945 | Command Injection vulnerability in Hashicorp Go-Getter: go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. | 9.8 |
2022-05-25 | CVE-2022-30321 | Unspecified vulnerability in Hashicorp Go-Getter: go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. | 8.6 |
2022-05-25 | CVE-2022-30322 | Unspecified vulnerability in Hashicorp Go-Getter: go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. | 8.6 |
2022-05-25 | CVE-2022-30323 | Unspecified vulnerability in Hashicorp Go-Getter: go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. | 8.6 |
2022-05-17 | CVE-2022-30689 | Unspecified vulnerability in Hashicorp Vault 1.10.0/1.10.2: HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. | 5.3 |
2022-04-27 | CVE-2022-29810 | Information Exposure Through Log Files vulnerability in Hashicorp Go-Getter: The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter. | 5.5 |
2022-04-19 | CVE-2022-29153 | Server-Side Request Forgery (SSRF) vulnerability in multiple products: HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. | 7.5 |
2022-03-23 | CVE-2021-44139 | Server-Side Request Forgery (SSRF) vulnerability in Hashicorp Sentinel 1.8.2: Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF). | 5.0 |
2022-03-10 | CVE-2022-25243 | Improper Certificate Validation vulnerability in Hashicorp Vault: Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. | 6.5 |
2022-03-10 | CVE-2022-25244 | Unspecified vulnerability in Hashicorp Vault: Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. | 4.0 |