Security

Topic	Replies	Views	Activity
About HashiCorp security updates	0	5141	October 8, 2020
HCSEC-2023-16 - Consul Envoy Extension Downstream Proxy Configuration By Upstream Service Owner security-consul	0	214	June 2, 2023
HCSEC-2023-15 - Consul Cluster Peering can Result in Denial of Service security-consul	0	217	June 2, 2023
HCSEC-2023-14 - Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-Based Encryption Mechanism with a HSM security-vault	0	859	May 1, 2023
HCSEC-2023-13 - Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation	0	1335	April 5, 2023
HCSEC-2023-12 - Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File security-vault	0	2050	March 30, 2023
HCSEC-2023-11 - Vault’s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata security-vault	0	1287	March 30, 2023
HCSEC-2023-10 - Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations security-vault	0	1672	March 30, 2023
HCSEC-2023-09 - Nomad ACLs Can Not Deny Access to Workload's Own Variables security-nomad	0	986	March 13, 2023
HCSEC-2023-08 - Nomad Job Submitter Privilege Escalation Using Workload Identity security-nomad	0	983	March 13, 2023
HCSEC-2023-07 - Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation security-vault	0	1760	March 10, 2023
HCSEC-2023-06 - Consul Server Panic when Ingress and API Gateways Configured with Peering Connections	0	1109	March 9, 2023
HCSEC-2023-05 - Nomad Client Vulnerable to Decompression Bombs in Artifact Block	0	1220	February 16, 2023
HCSEC-2023-04 - go-getter vulnerable to denial of service via malicious compressed archive	0	1572	February 13, 2023
HCSEC-2023-03 - Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured security-boundary	0	1181	February 8, 2023
HCSEC-2023-02 - Vault, Consul, Boundary, and Waypoint Affected By Denial of Service in Go’s net/http (CVE-2022-41717) security-vault , security-consul , security-boundary , security-waypoint	0	1275	February 8, 2023
HCSEC-2023-01 - HashiCorp Response to CircleCI Security Alert	3	8943	April 24, 2023
HCSEC-2022-28 - Consul Cluster Peering Leaks Imported Nodes/Services Information security-consul	0	2084	November 15, 2022
HCSEC-2022-27 - HashiCorp Response to OpenSSL Security Announcement Regarding November 1 Release	2	2336	November 1, 2022
HCSEC-2022-26 - Nomad’s Event Stream Subscriber Using ACL Token with TTL Receive Updates Until Garbage Collected security-nomad	0	1849	October 28, 2022
HCSEC-2022-25 - Nomad’s Workload Identity Token Can List Non-sensitive Metadata For nomad/ Paths security-nomad	0	1871	October 28, 2022
HCSEC-2022-24 - Vault's TLS Cert Auth Method Only Loaded CRL After First Request security-vault	0	2344	October 12, 2022
HCSEC-2022-23 - Vagrant NFS sudoers Configuration Allows for Local Privilege Escalation	0	1963	October 10, 2022
HCSEC-2022-22 - Nomad Panics On Job Submission With Bad Artifact Stanza Source URL security-nomad	0	1732	October 10, 2022
HCSEC-2022-21 - Updates to HashiCorp Subprocessors Page	0	983	September 28, 2022
HCSEC-2022-20 - Consul Service Mesh Intention Bypass with Malicious Certificate Signing Request security-consul	0	2688	September 21, 2022
HCSEC-2022-19 - Consul Auto-Config JWT Authorization Missing Input Validation security-consul	0	2398	September 21, 2022
HCSEC-2022-18 - Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity security-vault	0	3288	September 20, 2022
HCSEC-2022-17 - Boundary Allowed Access To Host Sets And Credential Sources For Authorized Users Of Another Scope security-boundary	0	2150	August 23, 2022
HCSEC-2022-16 - Consul Template May Expose Vault Secrets When Processing Invalid Input	0	2731	August 16, 2022