Security

Topic	Replies	Views	Activity
About HashiCorp security updates	0	11713	October 8, 2020
HCSEC-2024-29 - Nomad Allocations Vulnerable To Privilege Escalation Within A Namespace Using Unredacted Workload Identity Token security-nomad	0	77	December 20, 2024
HCSEC-2024-28 - Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service security-boundary	0	148	December 12, 2024
HCSEC-2024-27 - Nomad Vulnerable To Cross-Namespace Volume Creation Abusing CSI Write Permission security-nomad	0	377	November 7, 2024
HCSEC-2024-26 - Vault Vulnerable to Denial of Service Through Memory Exhaustion When Processing Raft Cluster Join Requests security-vault	0	948	October 31, 2024
HCSEC-2024-24 - Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation security-consul	0	671	October 30, 2024
HCSEC-2024-23 - Consul L7 Intentions Vulnerable To Headers Bypass security-consul	0	692	October 30, 2024
HCSEC-2024-22 - Consul L7 Intentions Vulnerable To URL Path Bypass security-consul	0	803	October 30, 2024
HCSEC-2024-25 - Vagrant VMware Utility installation files vulnerable to modification by unprivileged user security-vagrant	0	678	October 29, 2024
HCSEC-2024-21 - Vault Operators in Root Namespace May Elevate Their Privileges security-vault	0	2293	October 10, 2024
HCSEC-2024-20 - Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default security-vault	0	1781	September 26, 2024
HCSEC-2024-19 - Terraform Enterprise’s Single Sign-On And Ruby SAML’s CVE-2024-45409 security-terraform	1	924	October 21, 2024
HCSEC-2024-18 - Vault Leaks Client Token and Token Accessor in Audit Devices security-vault	0	2280	August 31, 2024
HCSEC-2024-17 - Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking security-nomad	0	1002	August 14, 2024
HCSEC-2024-16 - Consul UI Development Workflows Vulnerable to Dependency Confusion security-consul	0	756	July 25, 2024
HCSEC-2024-15 - Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking security-nomad	0	963	July 22, 2024
HCSEC-2024-14 - Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior security-vault	0	1703	July 11, 2024
HCSEC-2024-13 - HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation	0	2787	June 25, 2024
HCSEC-2024-12 - go-retryablehttp can leak basic auth credentials to log files	0	1807	June 21, 2024
HCSEC-2024-11 - Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims security-vault	0	3207	June 12, 2024
HCSEC-2024-10 - Vault Enterprise Leaks Sensitive HTTP Request Headers in Audit Log When Deployed With a Performance Standby Node security-vault	0	3690	April 30, 2024
HCSEC-2024-09 - HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches	0	6288	April 17, 2024
HCSEC-2024-08 - Updates to HashiCorp Subprocessors	0	3134	April 11, 2024
HCSEC-2024-07 - Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses security-vault	0	4895	April 4, 2024
HCSEC-2024-06 - HashiCorp Response to XZ Utils Supply Chain Attack (CVE-2024-3094)	0	3599	April 2, 2024
HCSEC-2024-05 - Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates security-vault	0	9181	March 4, 2024
HCSEC-2024-04 - Terraform Registry Module Supply Chain Security Improvements security-terraform	0	4845	February 15, 2024
HCSEC-2024-03 - Nomad Vulnerable to Arbitrary Write Through Symlink Attack security-nomad	0	6346	February 8, 2024
HCSEC-2024-02 - Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering security-boundary	0	5747	February 5, 2024
HCSEC-2024-01 - Vault May Expose Sensitive Information When Configuring An Audit Log Device security-vault	0	6320	February 1, 2024