Vulnerabilities > Hashicorp > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-11 | CVE-2020-13170 | Improper Input Validation vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. | 7.5 |
| 2020-06-11 | CVE-2020-12758 | Improper Resource Shutdown or Release vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. | 7.5 |
| 2020-06-10 | CVE-2020-13223 | Information Exposure Through Log Files vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. | 7.5 |
| 2020-02-14 | CVE-2019-19879 | Unspecified vulnerability in Hashicorp Sentinel HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain policy expressions. | 7.5 |
| 2020-01-31 | CVE-2020-7219 | Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. | 7.5 |
| 2020-01-31 | CVE-2020-7218 | Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Nomad HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. | 7.5 |
| 2020-01-23 | CVE-2020-7220 | Improper Resource Shutdown or Release vulnerability in Hashicorp Vault HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. | 7.5 |
| 2019-12-02 | CVE-2019-19316 | Cleartext Transmission of Sensitive Information vulnerability in Hashicorp Terraform When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP. | 7.5 |
| 2019-06-06 | CVE-2019-12291 | Unspecified vulnerability in Hashicorp Consul HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. | 7.5 |
| 2019-03-26 | CVE-2019-9764 | Origin Validation Error vulnerability in Hashicorp Consul 1.4.3 HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. | 7.4 |