Vulnerabilities > Hashicorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-14 | CVE-2022-24686 | Race Condition vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. | 5.9 |
| 2021-12-17 | CVE-2021-45042 | Unspecified vulnerability in Hashicorp Vault In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. | 4.9 |
| 2021-12-12 | CVE-2021-41805 | Incorrect Authorization vulnerability in Hashicorp Consul HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. | 8.8 |
| 2021-12-03 | CVE-2021-43415 | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. | 8.8 |
| 2021-11-30 | CVE-2021-43998 | Incorrect Permission Assignment for Critical Resource vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. | 6.5 |
| 2021-10-11 | CVE-2021-42135 | Improper Privilege Management vulnerability in Hashicorp Vault 1.8.0/1.8.3/1.8.4 HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. | 8.1 |
| 2021-10-08 | CVE-2021-41802 | Incorrect Permission Assignment for Critical Resource vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. | 5.4 |
| 2021-10-07 | CVE-2021-41865 | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. | 6.5 |
| 2021-09-15 | CVE-2021-40862 | Information Exposure vulnerability in Hashicorp Terraform Enterprise HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. | 8.8 |
| 2021-09-07 | CVE-2021-37218 | Improper Certificate Validation vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. | 8.8 |