Vulnerabilities > Hashicorp > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-06-10 CVE-2020-12757 Improper Privilege Management vulnerability in Hashicorp Vault 1.4.0/1.4.1/1.4.2
HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting.
network
low complexity
hashicorp CWE-269
critical
9.8
2020-03-23 CVE-2020-10661 Unspecified vulnerability in Hashicorp Vault
HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact.
network
low complexity
hashicorp
critical
9.1
2020-01-31 CVE-2020-7956 Improper Certificate Validation vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation.
network
low complexity
hashicorp CWE-295
critical
9.8
2019-08-12 CVE-2019-12618 Improper Privilege Management vulnerability in Hashicorp Nomad 0.9.0/0.9.1
HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.
network
low complexity
hashicorp CWE-269
critical
9.8
2018-03-27 CVE-2018-9057 Insufficient Entropy in PRNG vulnerability in Hashicorp Terraform
aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password.
network
low complexity
hashicorp CWE-332
critical
9.8