Vulnerabilities > Hashicorp

DATE CVE VULNERABILITY TITLE RISK
2022-09-23 CVE-2021-41803 Missing Authorization vulnerability in Hashicorp Consul
HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC.
network
low complexity
hashicorp CWE-862
7.1
2022-09-22 CVE-2022-40186 Unspecified vulnerability in Hashicorp Vault
An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3.
network
low complexity
hashicorp
critical
9.1
2022-07-26 CVE-2022-36129 Missing Authentication for Critical Function vulnerability in Hashicorp Vault
HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure.
network
low complexity
hashicorp CWE-306
critical
9.1
2022-06-02 CVE-2022-30324 Unspecified vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host.
network
low complexity
hashicorp
7.5
2022-05-25 CVE-2022-26945 Unspecified vulnerability in Hashicorp Go-Getter
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing.
network
low complexity
hashicorp
critical
9.8
2022-05-25 CVE-2022-30321 Command Injection vulnerability in Hashicorp Go-Getter
go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws.
network
low complexity
hashicorp CWE-77
8.6
2022-05-25 CVE-2022-30322 Unspecified vulnerability in Hashicorp Go-Getter
go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses.
network
low complexity
hashicorp
8.6
2022-05-25 CVE-2022-30323 Unspecified vulnerability in Hashicorp Go-Getter
go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files.
network
low complexity
hashicorp
8.6
2022-05-17 CVE-2022-30689 Unspecified vulnerability in Hashicorp Vault 1.10.0/1.10.2
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts.
network
low complexity
hashicorp
5.3
2022-04-27 CVE-2022-29810 Information Exposure Through Log Files vulnerability in Hashicorp Go-Getter
The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.
local
low complexity
hashicorp CWE-532
5.5