Vulnerabilities > Hashicorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-28 | CVE-2022-24685 | Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. | 5.0 |
| 2022-02-25 | CVE-2022-25374 | Information Exposure Through Log Files vulnerability in Hashicorp Terraform Enterprise HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. | 5.0 |
| 2022-02-24 | CVE-2022-24687 | Resource Exhaustion vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. | 3.5 |
| 2022-02-17 | CVE-2022-24683 | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root. | 7.8 |
| 2022-02-15 | CVE-2022-24684 | Resource Exhaustion vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic server agents. | 4.0 |
| 2022-02-14 | CVE-2022-24686 | Race Condition vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. | 4.3 |
| 2021-12-17 | CVE-2021-45042 | Unspecified vulnerability in Hashicorp Vault In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. | 6.8 |
| 2021-12-12 | CVE-2021-41805 | Incorrect Authorization vulnerability in Hashicorp Consul HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. | 6.5 |
| 2021-12-03 | CVE-2021-43415 | Improper Authentication vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. | 6.0 |
| 2021-11-30 | CVE-2021-43998 | Incorrect Permission Assignment for Critical Resource vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. | 5.5 |