Vulnerabilities > Hashicorp > High

DATE CVE VULNERABILITY TITLE RISK
2022-05-25 CVE-2022-30322 Unspecified vulnerability in Hashicorp Go-Getter
go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses.
network
low complexity
hashicorp
8.6
2022-05-25 CVE-2022-30323 Unspecified vulnerability in Hashicorp Go-Getter
go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files.
network
low complexity
hashicorp
8.6
2022-04-19 CVE-2022-29153 Server-Side Request Forgery (SSRF) vulnerability in multiple products
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints.
network
low complexity
hashicorp fedoraproject CWE-918
7.5
2022-03-23 CVE-2021-44139 Server-Side Request Forgery (SSRF) vulnerability in Hashicorp Sentinel 1.8.2
Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF).
network
low complexity
hashicorp CWE-918
7.5
2022-02-28 CVE-2022-24685 Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage.
network
low complexity
hashicorp CWE-770
7.5
2022-02-25 CVE-2022-25374 Information Exposure Through Log Files vulnerability in Hashicorp Terraform Enterprise
HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data.
network
low complexity
hashicorp CWE-532
7.5
2022-02-17 CVE-2022-24683 Unspecified vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root.
network
low complexity
hashicorp
7.5
2021-12-12 CVE-2021-41805 Incorrect Authorization vulnerability in Hashicorp Consul
HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control.
network
low complexity
hashicorp CWE-863
8.8
2021-12-03 CVE-2021-43415 Unspecified vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths.
network
low complexity
hashicorp
8.8
2021-10-11 CVE-2021-42135 Improper Privilege Management vulnerability in Hashicorp Vault 1.8.0/1.8.3
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine.
network
low complexity
hashicorp CWE-269
8.1