Security

Topic	Replies	Views	Activity
About HashiCorp security updates	0	7181	October 8, 2020
HCSEC-2023-33 - Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption security-vault	0	1287	November 9, 2023
HCSEC-2023-32 - Vault, Consul, and Boundary Affected By HTTP/2 “Rapid Reset” Denial of Service Vulnerability (CVE-2023-44487) security-consul , security-vault , security-boundary	0	2635	November 2, 2023
HCSEC-2023-31 - Vagrant’s Windows Installer Allowed Directory Junction Write security-vagrant	0	1174	October 27, 2023
HCSEC-2023-30 - Vault’s Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets security-vault	0	1752	September 28, 2023
HCSEC-2023-29 - Vault Enterprise’s Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service security-vault	0	1842	September 28, 2023
HCSEC-2023-28 - Vault’s Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption security-vault	0	2182	September 14, 2023
HCSEC-2023-27 - Terraform Allows Arbitrary File Write During Init Operation security-terraform	0	2922	September 8, 2023
HCSEC-2023-26 - Terraform’s Handling Of Duplicate Map Keys In Configurations May Have Security Implications security-terraform	0	1532	August 24, 2023
HCSEC-2023-25 - Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers security-consul	0	2283	August 8, 2023
HCSEC-2023-24 - Vault's LDAP Auth Method Allows for User Enumeration security-vault	0	2563	July 31, 2023
HCSEC-2023-23 - Vault Enterprise Namespace Creation May Lead to Denial of Service security-vault	0	2519	July 28, 2023
HCSEC-2023-22 - Nomad Search API Leaks Information About CSI Plugins security-nomad	0	1759	July 19, 2023
HCSEC-2023-21 - Nomad Caller ACL Token's Secret ID is Exposed to Sentinel security-nomad	0	1680	July 19, 2023
HCSEC-2023-20 - Nomad ACL Policies without Label are Applied to Unexpected Resources security-nomad	0	1789	July 19, 2023
HCSEC-2023-19 - Terraform Enterprise, Docker Engine, and Go’s CVE-2023-24540 security-terraform	1	3482	June 28, 2023
HCSEC-2023-18 - Terraform Enterprise Agent Pool Controls Allowed Unauthorized Workspaces to Target an Agent Pool security-terraform	0	2352	June 22, 2023
HCSEC-2023-17 - Vault’s KV Diff Viewer Allowed HTML Injection security-vault	0	2804	June 9, 2023
HCSEC-2023-16 - Consul Envoy Extension Downstream Proxy Configuration By Upstream Service Owner security-consul	0	2367	June 2, 2023
HCSEC-2023-15 - Consul Cluster Peering can Result in Denial of Service security-consul	0	2597	June 2, 2023
HCSEC-2023-14 - Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-Based Encryption Mechanism with a HSM security-vault	0	2685	May 1, 2023
HCSEC-2023-13 - Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation	0	2977	April 5, 2023
HCSEC-2023-12 - Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File security-vault	0	3899	March 30, 2023
HCSEC-2023-11 - Vault’s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata security-vault	0	3031	March 30, 2023
HCSEC-2023-10 - Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations security-vault	0	4181	March 30, 2023
HCSEC-2023-09 - Nomad ACLs Can Not Deny Access to Workload's Own Variables security-nomad	0	2579	March 13, 2023
HCSEC-2023-08 - Nomad Job Submitter Privilege Escalation Using Workload Identity security-nomad	0	2563	March 13, 2023
HCSEC-2023-07 - Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation security-vault	0	3725	March 10, 2023
HCSEC-2023-06 - Consul Server Panic when Ingress and API Gateways Configured with Peering Connections	0	3080	March 9, 2023
HCSEC-2023-05 - Nomad Client Vulnerable to Decompression Bombs in Artifact Block	0	2852	February 16, 2023