HashiCorp — Vulnerabilities & Security Advisories 88

Browse all 88 CVE security advisories affecting HashiCorp. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-3775 | Vault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service | Vault Enterprise | CWE-266 | 4.2 | Medium | 2023-09-28 |
| CVE-2023-4680 | Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption | Vault | CWE-323 | 6.8 | Medium | 2023-09-14 |
| CVE-2023-4782 | Terraform Allows Arbitrary File Write During Init Operation | Terraform | CWE-22 | 6.3 | Medium | 2023-09-08 |
| CVE-2023-3518 | JWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for Access | Consul | CWE-266 | 7.4 | High | 2023-08-09 |
| CVE-2023-3462 | Vault's LDAP Auth Method Allows for User Enumeration | Vault | CWE-203 | 5.3 | Medium | 2023-07-31 |
| CVE-2023-3774 | Vault Enterprise Namespace Creation May Lead to Denial of Service | Vault Enterprise | CWE-248 | 4.9 | Medium | 2023-07-28 |
| CVE-2023-3300 | Nomad Search API Leaks Information About CSI Plugins | Nomad | CWE-266 | 5.3 | Medium | 2023-07-19 |
| CVE-2023-3299 | Nomad Caller ACL Token's Secret ID is Exposed to Sentinel | Nomad Enterprise | CWE-201 | 3.4 | Low | 2023-07-19 |
| CVE-2023-3072 | Nomad ACL Policies without Label are Applied to Unexpected Resources | Nomad | CWE-266 | 4.1 | Medium | 2023-07-19 |
| CVE-2023-3114 | Terraform Enterprise Agent Pool Controls Allowed Unauthorized Workspaces To Target an Agent Pool | Terraform Enterprise | CWE-266 | 5.0 | Medium | 2023-06-22 |
| CVE-2023-2121 | Vault’s KV Diff Viewer Allowed for HTML Injection | Vault | CWE-79 | 4.3 | Medium | 2023-06-09 |
| CVE-2023-1297 | Consul Cluster Peering can Result in Denial of Service | Consul | CWE-826 | 4.9 | Medium | 2023-06-02 |
| CVE-2023-2816 | Consul Envoy Extension Downstream Proxy Configuration By Upstream Service Owner | Consul | CWE-266 | 8.7 | High | 2023-06-02 |
| CVE-2023-2197 | Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM | Vault Enterprise | CWE-326 | 2.5 | Low | 2023-05-01 |
| CVE-2023-1782 | Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation | Nomad | CWE-862 | 10.0 | Critical | 2023-04-05 |
| CVE-2023-0620 | Vault Vulnerable to SQL Injection When Configuring the Microsoft SQL Database Storage Backend | Vault | CWE-89 | 6.5 | Medium | 2023-03-30 |
| CVE-2023-0665 | Vault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata | Vault | CWE-285 | 6.5 | Medium | 2023-03-30 |
| CVE-2023-25000 | Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations | Vault | CWE-208 | 5.0 | Medium | 2023-03-30 |
| CVE-2023-1299 | Nomad Job Submitter Privilege Escalation Using Workload Identity | Nomad | CWE-862 | 7.4 | High | 2023-03-14 |
| CVE-2023-1296 | Nomad ACLs Can Not Deny Access to Workload's Own Variables | Nomad | CWE-682 | 2.7 | Low | 2023-03-14 |
| CVE-2023-24999 | Vault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation | Vault | CWE-863 | 4.4 | Medium | 2023-03-10 |
| CVE-2023-0845 | Consul Server Panic when Ingress and API Gateways Configured with Peering | Consul | CWE-476 | 4.9 | Medium | 2023-03-09 |
| CVE-2023-0821 | Nomad Client Vulnerable to Decompression Bombs in Artifact Block | Nomad | CWE-409 | 6.5 | Medium | 2023-02-16 |
| CVE-2023-0475 | Go-Getter Vulnerable to Decompression Bombs | go-getter | CWE-409 | 4.2 | Medium | 2023-02-16 |
| CVE-2023-0690 | Boundary Workers Store Rotated Credentials in Plaintext Even When a Key Management Service Configured | Boundary | CWE-312 | 5.0 | Medium | 2023-02-08 |
| CVE-2022-3920 | Consul Peering Imported Nodes/Services Leak | Consul | CWE-862 | 5.3 | Medium | 2022-11-15 |
| CVE-2022-3867 | Nomad Event Stream Subscriber Using a Token with TTL Receives Updates Until Garbage Collected | Nomad | CWE-613 | 2.7 | Low | 2022-11-10 |
| CVE-2022-3866 | Nomad Workload Identity Token Can List Non-sensitive Metadata for Paths Under nomad/ | Nomad | CWE-668 | 5.0 | Medium | 2022-11-10 |

This page lists every published CVE security advisory associated with HashiCorp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.