Security

Topic	Views	Activity
About HashiCorp security updates	12336	October 8, 2020
HCSEC-2025-24 - Vault Denial of Service Though Complex JSON Payloads security-vault	90	August 28, 2025
HCSEC-2025-23 - HashiCorp go-getter Vulnerable to Arbitrary Read through Symlink Attack	479	August 15, 2025
HCSEC-2025-22 - Multiple Vulnerabilities Impacting HashiCorp Vault and Vault Enterprise security-vault	4344	August 6, 2025
HCSEC-2025-21 - Vault User Enumeration in Userpass Auth Method security-vault	1244	August 6, 2025
HCSEC-2025-20 - Vault LDAP MFA Enforcement Bypass When Using Username As Alias security-vault	1475	August 6, 2025
HCSEC-2025-19 - Vault Login MFA Bypass of Rate Limiting and TOTP Token Reuse security-vault	1147	August 1, 2025
HCSEC-2025-18 - Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates security-vault	1087	August 1, 2025
HCSEC-2025-17 - Vault TOTP Secrets Engine Code Reuse security-vault	1070	August 1, 2025
HCSEC-2025-16 - Vault Userpass and LDAP User Lockout Bypass security-vault	1208	August 1, 2025
HCSEC-2025-15 - Timing Side-Channel in Vault’s Userpass Auth Method security-vault	1101	August 1, 2025
HCSEC-2025-14 - Privileged Vault Operator May Execute Code on the Underlying Host security-vault	3853	August 1, 2025
HCSEC-2025-13 - Vault Root Namespace Operator May Elevate Token Privileges security-vault	1700	August 1, 2025
HCSEC-2025-11 Vault Vulnerable to Recovery Key Cancellation Denial of Service security-vault	816	June 25, 2025
HCSEC-2025-12 - Nomad Vulnerable To Incorrect ACL Policy Lookup Attached To A Job security-nomad	522	June 11, 2025
HCSEC-2025-10 - Update to HashiCorp Data Transfer Impact Assessment	177	May 23, 2025
HCSEC-2025-08 - Nomad Enterprise Vulnerable To Violation Of Mandatory Sentinel Policies in Job Submissions via Policy Override security-nomad	386	May 13, 2025
HCSEC-2025-09 - Vault May Expose Sensitive Information in Error Logs When Processing Malformed Data With the KV v2 Plugin security-vault	1644	May 2, 2025
HCSEC-2025-07 - Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login security-vault	819	May 2, 2025
HCSEC-2025-06 - Updates to HashiCorp Subprocessors	243	March 31, 2025
HCSEC-2025-05 - Terraform Enterprise’s Single Sign-On and Ruby SAML’s CVE-2025-25291 and CVE-2025-25292 security-terraform	479	March 13, 2025
HCSEC-2025-04 - Nomad Exposes Sensitive Workload Identity and Client Secret Token in Audit Logs security-nomad	385	March 10, 2025
HCSEC-2025-03 - HashiCorp Hermes Improperly Validates AWS ALB JWTs, which May Lead to Authentication Bypass	469	February 20, 2025
HCSEC-2025-02 - Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace security-nomad	368	February 12, 2025
HCSEC-2025-01 - HashiCorp go-slug Vulnerable to Zip Slip Attack	856	January 21, 2025
HCSEC-2024-29 - Nomad Allocations Vulnerable To Privilege Escalation Within A Namespace Using Unredacted Workload Identity Token security-nomad	485	December 20, 2024
HCSEC-2024-28 - Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service security-boundary	440	December 12, 2024
HCSEC-2024-27 - Nomad Vulnerable To Cross-Namespace Volume Creation Abusing CSI Write Permission security-nomad	698	November 7, 2024
HCSEC-2024-26 - Vault Vulnerable to Denial of Service Through Memory Exhaustion When Processing Raft Cluster Join Requests security-vault	1605	October 31, 2024
HCSEC-2024-24 - Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation security-consul	1294	October 30, 2024