VYPR

Vendor CVEs

Hashicorp

All CVEs

155 total · sorted by risk
  • CVE-2024-53913Nov 24, 2024
    risk 0.00cvss epss 0.01

    An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.

  • CVE-2024-52943Nov 18, 2024
    risk 0.00cvss epss 0.01

    An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an…

  • CVE-2024-52942Nov 18, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an…

  • CVE-2024-52944Nov 18, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an…

  • CVE-2024-10975Nov 7, 2024
    risk 0.00cvss epss 0.00

    Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community…

  • CVE-2024-8185Oct 31, 2024
    risk 0.00cvss epss 0.00

    Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the…

  • CVE-2024-10086Oct 30, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.

  • CVE-2024-10006Oct 30, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.

  • CVE-2024-10005Oct 30, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.

  • CVE-2024-10228Oct 29, 2024
    risk 0.00cvss epss 0.00

    The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility…

  • CVE-2024-9180Oct 10, 2024
    risk 0.00cvss epss 0.01

    A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.

  • CVE-2024-23586Sep 27, 2024
    risk 0.00cvss epss 0.00

    HCL Nomad is susceptible to an insufficient session expiration vulnerability.   Under certain circumstances, an unauthenticated attacker could obtain old session information.

  • CVE-2024-7594Sep 26, 2024
    risk 0.00cvss epss 0.00

    Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets…

  • CVE-2024-8365Sep 2, 2024
    risk 0.00cvss epss 0.00

    Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token…

  • CVE-2024-7625Aug 14, 2024
    risk 0.00cvss epss 0.00

    In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This…

  • CVE-2024-6717Jul 23, 2024
    risk 0.00cvss epss 0.00

    HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.

  • CVE-2024-6468Jul 11, 2024
    risk 0.00cvss epss 0.00

    Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in…

  • CVE-2024-5798Jun 12, 2024
    risk 0.00cvss epss 0.00

    Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed…

  • CVE-2024-2877Apr 30, 2024
    risk 0.00cvss epss 0.00

    Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed…

  • CVE-2024-2660Apr 4, 2024
    risk 0.00cvss epss 0.00

    Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault…

  • CVE-2024-2048Mar 4, 2024
    risk 0.00cvss epss 0.00

    Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be…

  • CVE-2024-1329Feb 8, 2024
    risk 0.00cvss epss 0.01

    HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14.

  • CVE-2024-1052Feb 5, 2024
    risk 0.00cvss epss 0.00

    Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU)…

  • CVE-2024-0831Feb 1, 2024
    risk 0.00cvss epss 0.01

    Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.

  • CVE-2023-6337Dec 8, 2023
    risk 0.00cvss epss 0.01

    HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the…

  • CVE-2023-5954Nov 9, 2023
    risk 0.00cvss epss 0.01

    HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.

  • CVE-2023-5834Oct 27, 2023
    risk 0.00cvss epss 0.00

    HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.

  • CVE-2023-5077Sep 28, 2023
    risk 0.00cvss epss 0.00

    The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.

  • CVE-2023-3775Sep 28, 2023
    risk 0.00cvss epss 0.00

    A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4,…

  • CVE-2023-4680Sep 14, 2023
    risk 0.00cvss epss 0.00

    HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially…

  • CVE-2023-4782Sep 8, 2023
    risk 0.00cvss epss 0.00

    Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7.

  • CVE-2023-3518Aug 9, 2023
    risk 0.00cvss epss 0.00

    HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.

  • CVE-2023-3462Jul 31, 2023
    risk 0.00cvss epss 0.01

    HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This…

  • CVE-2023-3774Jul 28, 2023
    risk 0.00cvss epss 0.01

    An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.

  • CVE-2023-3300Jul 19, 2023
    risk 0.00cvss epss 0.00

    HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.

  • CVE-2023-3299Jul 19, 2023
    risk 0.00cvss epss 0.00

    HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.

  • CVE-2023-3072Jul 19, 2023
    risk 0.00cvss epss 0.00

    HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.

  • CVE-2023-3114Jun 22, 2023
    risk 0.00cvss epss 0.00

    Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged…

  • CVE-2023-2121Jun 9, 2023
    risk 0.00cvss epss 0.00

    Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.

  • CVE-2023-1297Jun 2, 2023
    risk 0.00cvss epss 0.01

    Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3

  • CVE-2023-2816Jun 2, 2023
    risk 0.00cvss epss 0.01

    Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s)…

  • CVE-2023-2197May 1, 2023
    risk 0.00cvss epss 0.00

    HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or…

  • CVE-2023-1782Apr 5, 2023
    risk 0.00cvss epss 0.01

    HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3.

  • CVE-2023-0620Mar 30, 2023
    risk 0.00cvss epss 0.00

    HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed…

  • CVE-2023-0665Mar 30, 2023
    risk 0.00cvss epss 0.00

    HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate…

  • CVE-2023-25000Mar 30, 2023
    risk 0.00cvss epss 0.00

    HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the…

  • CVE-2023-1299Mar 14, 2023
    risk 0.00cvss epss 0.01

    HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1.

  • CVE-2023-1296Mar 14, 2023
    risk 0.00cvss epss 0.01

    HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1.

  • CVE-2023-24999Mar 10, 2023
    risk 0.00cvss epss 0.01

    HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8,…

  • CVE-2023-0845Mar 9, 2023
    risk 0.00cvss epss 0.01

    Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.