Vulnerabilities > Hashicorp > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-20 | CVE-2021-28156 | Unspecified vulnerability in Hashicorp Consul HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. | 7.5 |
| 2021-02-01 | CVE-2021-3283 | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. | 7.5 |
| 2021-02-01 | CVE-2021-3282 | Improper Authentication vulnerability in Hashicorp Vault 1.6.0/1.6.1 HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. | 7.5 |
| 2021-01-11 | CVE-2021-3121 | Improper Validation of Array Index vulnerability in multiple products An issue was discovered in GoGo Protobuf before 1.3.2. | 8.6 |
| 2020-12-03 | CVE-2020-29529 | Link Following vulnerability in Hashicorp Go-Slug HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. | 7.5 |
| 2020-11-04 | CVE-2020-25201 | Unspecified vulnerability in Hashicorp Consul HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. | 7.5 |
| 2020-08-26 | CVE-2020-16251 | Improper Authentication vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. | 8.2 |
| 2020-08-26 | CVE-2020-16250 | Authentication Bypass by Spoofing vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. | 8.2 |
| 2020-08-20 | CVE-2020-24359 | Improper Input Validation vulnerability in Hashicorp Vault-Ssh-Helper HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. | 7.5 |
| 2020-06-11 | CVE-2020-13250 | Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. | 7.5 |