HashiCorp — Vulnerabilities & Security Advisories 88

Browse all 88 CVE security advisories affecting HashiCorp. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-0937 | Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace | Nomad | CWE-863 | 7.1 | High | 2025-02-12 |
| CVE-2025-0377 | HashiCorp go-slug Vulnerable to Zip Slip Attack | Shared library | CWE-59 | 7.5 | High | 2025-01-21 |
| CVE-2024-12678 | Nomad Allocations Vulnerable To Privilege Escalation Within A Namespace Using Unredacted Workload Identity Tokens | Nomad | CWE-266 | 6.5 | Medium | 2024-12-20 |
| CVE-2024-12289 | Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service | Boundary | CWE-460 | 5.9 | Medium | 2024-12-12 |
| CVE-2024-10975 | Nomad Vulnerable To Cross-Namespace Volume Creation Abusing CSI Write Permission | Nomad | CWE-863 | 7.7 | High | 2024-11-07 |
| CVE-2024-8185 | Vault Vulnerable to Denial of Service When Processing Raft Join Requests | Vault | CWE-636 | 7.5 | High | 2024-10-31 |
| CVE-2024-10086 | Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation | Consul | CWE-79 | 6.1 | Medium | 2024-10-30 |
| CVE-2024-10006 | Consul L7 Intentions Vulnerable To Headers Bypass | Consul | CWE-644 | 8.3 | High | 2024-10-30 |
| CVE-2024-10005 | Consul L7 Intentions Vulnerable To URL Path Bypass | Consul | CWE-22 | 8.1 | High | 2024-10-30 |
| CVE-2024-10228 | Vagrant VMWare Utility installation files vulnerable to modification by unprivileged user | Vagrant | CWE-732 | 3.8 | Low | 2024-10-29 |
| CVE-2024-9180 | Vault Operators in Root Namespace May Elevate Their Privileges | Vault | CWE-266 | 7.2 | High | 2024-10-10 |
| CVE-2024-7594 | Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default | Vault | CWE-732 | 7.5 | High | 2024-09-26 |
| CVE-2024-8365 | Vault Leaks AppRole Client Tokens And Accessor in Audit Log | Vault | CWE-532 | 6.2 | Medium | 2024-09-02 |
| CVE-2024-7625 | Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking | Nomad | CWE-610 | 5.8 | Medium | 2024-08-14 |
| CVE-2024-6717 | Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking | Nomad | CWE-610 | 7.7 | High | 2024-07-23 |
| CVE-2024-6468 | Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior | Vault | CWE-703 | 7.5 | High | 2024-07-11 |
| CVE-2024-6257 | HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation | Shared library | CWE-77 | 8.4 | High | 2024-06-25 |
| CVE-2024-6104 | go-retryablehttp can leak basic auth credentials to log files | Shared library | CWE-532 | 6.0 | Medium | 2024-06-24 |
| CVE-2024-5798 | Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims | Vault | CWE-287 | 2.6 | Low | 2024-06-12 |
| CVE-2024-2877 | Vault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node | Vault Enterprise | CWE-532 | 5.5 | Medium | 2024-04-30 |
| CVE-2024-3817 | HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches | Shared library | CWE-88 | 9.8 | Critical | 2024-04-17 |
| CVE-2024-2660 | Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses | Vault | CWE-636 | 6.4 | Medium | 2024-04-04 |
| CVE-2024-2048 | Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates | Vault | CWE-295 | 8.1 | High | 2024-03-04 |
| CVE-2024-1329 | Nomad Vulnerable to Arbitrary Write Through Symlink Attack | Nomad | CWE-59 | 7.7 | High | 2024-02-08 |
| CVE-2024-1052 | Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering | Boundary | CWE-295 | 8.0 | High | 2024-02-05 |
| CVE-2024-0831 | Vault May Expose Sensitive Information When Configuring An Audit Log Device | Vault | CWE-532 | 4.5 | Medium | 2024-02-01 |
| CVE-2023-6337 | Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests | Vault | CWE-770 | 7.5 | High | 2023-12-08 |
| CVE-2023-5954 | Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption | Vault | CWE-401 | 5.9 | Medium | 2023-11-09 |
| CVE-2023-5834 | Vagrant’s Windows Installer Allowed Directory Junction Write | Vagrant | CWE-1386 | 3.8 | Low | 2023-10-27 |
| CVE-2023-5077 | Vault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets | Vault | CWE-266 | 7.6 | High | 2023-09-28 |

This page lists every published CVE security advisory associated with HashiCorp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.