Security

Topic	Replies	Views	Activity
About HashiCorp security updates	0	9705	October 8, 2020
HCSEC-2024-09 - HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches	0	1595	April 17, 2024
HCSEC-2024-08 - Updates to HashiCorp Subprocessors	0	394	April 11, 2024
HCSEC-2024-07 - Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses security-vault	0	1228	April 4, 2024
HCSEC-2024-06 - HashiCorp Response to XZ Utils Supply Chain Attack (CVE-2024-3094)	0	757	April 2, 2024
HCSEC-2024-05 - Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates security-vault	0	4568	March 4, 2024
HCSEC-2024-04 - Terraform Registry Module Supply Chain Security Improvements security-terraform	0	1822	February 15, 2024
HCSEC-2024-03 - Nomad Vulnerable to Arbitrary Write Through Symlink Attack security-nomad	0	2852	February 8, 2024
HCSEC-2024-02 - Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering security-boundary	0	2664	February 5, 2024
HCSEC-2024-01 - Vault May Expose Sensitive Information When Configuring An Audit Log Device security-vault	0	3215	February 1, 2024
HCSEC-2023-34 - Vault Vulnerable to Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests security-vault	0	6214	December 8, 2023
HCSEC-2023-33 - Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption security-vault	0	5089	November 9, 2023
HCSEC-2023-32 - Vault, Consul, and Boundary Affected By HTTP/2 “Rapid Reset” Denial of Service Vulnerability (CVE-2023-44487) security-consul , security-vault , security-boundary	0	9024	November 2, 2023
HCSEC-2023-31 - Vagrant’s Windows Installer Allowed Directory Junction Write security-vagrant	0	4783	October 27, 2023
HCSEC-2023-30 - Vault’s Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets security-vault	0	5158	September 28, 2023
HCSEC-2023-29 - Vault Enterprise’s Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service security-vault	0	5308	September 28, 2023
HCSEC-2023-28 - Vault’s Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption security-vault	0	5695	September 14, 2023
HCSEC-2023-27 - Terraform Allows Arbitrary File Write During Init Operation security-terraform	0	6646	September 8, 2023
HCSEC-2023-26 - Terraform’s Handling Of Duplicate Map Keys In Configurations May Have Security Implications security-terraform	0	4888	August 24, 2023
HCSEC-2023-25 - Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers security-consul	0	5694	August 8, 2023
HCSEC-2023-24 - Vault's LDAP Auth Method Allows for User Enumeration security-vault	0	6043	July 31, 2023
HCSEC-2023-23 - Vault Enterprise Namespace Creation May Lead to Denial of Service security-vault	0	5906	July 28, 2023
HCSEC-2023-22 - Nomad Search API Leaks Information About CSI Plugins security-nomad	0	4181	July 19, 2023
HCSEC-2023-21 - Nomad Caller ACL Token's Secret ID is Exposed to Sentinel security-nomad	0	4087	July 19, 2023
HCSEC-2023-20 - Nomad ACL Policies without Label are Applied to Unexpected Resources security-nomad	0	4277	July 19, 2023
HCSEC-2023-19 - Terraform Enterprise, Docker Engine, and Go’s CVE-2023-24540 security-terraform	1	5652	June 28, 2023
HCSEC-2023-18 - Terraform Enterprise Agent Pool Controls Allowed Unauthorized Workspaces to Target an Agent Pool security-terraform	0	4720	June 22, 2023
HCSEC-2023-17 - Vault’s KV Diff Viewer Allowed HTML Injection security-vault	0	5282	June 9, 2023
HCSEC-2023-16 - Consul Envoy Extension Downstream Proxy Configuration By Upstream Service Owner security-consul	0	4802	June 2, 2023
HCSEC-2023-15 - Consul Cluster Peering can Result in Denial of Service security-consul	0	5333	June 2, 2023