Vulnerabilities > Hashicorp

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2022-12-26 | CVE-2019-14802 | Unspecified vulnerability in Hashicorp Nomad | HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. | network, low complexity, hashicorp | 5.3 |
| 2022-11-16 | CVE-2022-3920 | Missing Authorization vulnerability in Hashicorp Consul | HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. | network, low complexity, hashicorp, CWE-862 | 7.5 |
| 2022-11-10 | CVE-2022-3866 | Exposure of Resource to Wrong Sphere vulnerability in Hashicorp Nomad 1.4.0/1.4.1 | HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. | network, low complexity, hashicorp, CWE-668 | 4.3 |
| 2022-11-10 | CVE-2022-3867 | Insufficient Session Expiration vulnerability in Hashicorp Nomad 1.4.0/1.4.1 | HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until the token is garbage collected. | network, low complexity, hashicorp, CWE-613 | 4.3 |
| 2022-10-27 | CVE-2022-36182 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Hashicorp Boundary | Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allows for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site. | network, low complexity, hashicorp, CWE-1021 | 6.1 |
| 2022-10-12 | CVE-2022-41316 | Improper Certificate Validation vulnerability in Hashicorp Vault | HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. | network, low complexity, hashicorp, CWE-295 | 5.3 |
| 2022-10-12 | CVE-2022-41606 | Unspecified vulnerability in Hashicorp Nomad | HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. | network, low complexity, hashicorp | 6.5 |
| 2022-10-11 | CVE-2022-42717 | Unspecified vulnerability in Hashicorp Vagrant | An issue was discovered in Hashicorp Packer before 2.3.1. | local, low complexity, hashicorp | 7.8 |
| 2022-09-23 | CVE-2022-40716 | Unchecked Return Value vulnerability in Hashicorp Consul | HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. | network, low complexity, hashicorp, CWE-252 | 6.5 |
| 2022-09-23 | CVE-2021-41803 | Missing Authorization vulnerability in Hashicorp Consul | HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. | network, low complexity, hashicorp, CWE-862 | 7.1 |