Vulnerabilities > Hashicorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-22 | CVE-2022-40186 | Unspecified vulnerability in Hashicorp Vault An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. | 9.1 |
| 2022-09-01 | CVE-2022-36130 | Insufficient Verification of Data Authenticity vulnerability in Hashicorp Boundary HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. | 9.9 |
| 2022-08-17 | CVE-2022-38149 | Information Exposure Through Log Files vulnerability in Hashicorp Consul Template HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the *template.Template.Execute method, when given a template using Vault secret contents incorrectly. | 7.5 |
| 2022-07-26 | CVE-2022-36129 | Missing Authentication for Critical Function vulnerability in Hashicorp Vault HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. | 9.1 |
| 2022-06-02 | CVE-2022-30324 | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. | 9.8 |
| 2022-05-25 | CVE-2022-26945 | Unspecified vulnerability in Hashicorp Go-Getter go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. | 9.8 |
| 2022-05-25 | CVE-2022-30321 | Command Injection vulnerability in Hashicorp Go-Getter go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. | 8.6 |
| 2022-05-25 | CVE-2022-30322 | Unspecified vulnerability in Hashicorp Go-Getter go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. | 8.6 |
| 2022-05-25 | CVE-2022-30323 | Unspecified vulnerability in Hashicorp Go-Getter go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. | 8.6 |
| 2022-05-17 | CVE-2022-30689 | Unspecified vulnerability in Hashicorp Vault 1.10.0/1.10.2 HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. | 5.3 |