Security

Topic	Replies	Views	Activity
HCSEC-2023-08 - Nomad Job Submitter Privilege Escalation Using Workload Identity security-nomad	0	5360	March 13, 2023
HCSEC-2023-09 - Nomad ACLs Can Not Deny Access to Workload's Own Variables security-nomad	0	5332	March 13, 2023
HCSEC-2025-14 - Privileged Vault Operator May Execute Code on the Underlying Host security-vault	0	5293	August 1, 2025
HCSEC-2023-05 - Nomad Client Vulnerable to Decompression Bombs in Artifact Block	0	5241	February 16, 2023
HCSEC-2024-04 - Terraform Registry Module Supply Chain Security Improvements security-terraform	0	5138	February 15, 2024
HCSEC-2023-03 - Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured security-boundary	0	5122	February 8, 2023
HCSEC-2020-15 - Terraform Enterprise Allowed Local Account Creation Bypassing SSO security-terraform	0	5024	November 25, 2020
HCSEC-2024-27 - Nomad Vulnerable To Cross-Namespace Volume Creation Abusing CSI Write Permission security-nomad	0	884	November 7, 2024
HCSEC-2022-07 - Consul’s Connect Service Mesh Affected By Recent Envoy Security Releases security-consul	0	4881	March 1, 2022
HCSEC-2022-11 - HashiCorp GPG Signing Subkey Change	0	4499	April 18, 2022
HCSEC-2020-16 - Vault’s AWS Auth Method Allows Authentication Bypass security-vault	0	4478	November 25, 2020
HCSEC-2020-23 - Nomad File Sandbox Escape via Container Volume Mount security-nomad	0	4395	November 25, 2020
HCSEC-2020-03 - Vault Enterprise’s Dynamic Secrets May Persist After Namespace Deletion security-vault	0	4300	November 25, 2020
HCSEC-2020-02 - Consul’s HTTP/RPC Services Allow Unbounded Resource Usage, Susceptible to Unauthenticated Denial of Service security-consul	0	4295	November 25, 2020
HCSEC-2020-14 - Consul DNS and HTTP Cache Abuse Denial of Service security-consul	0	4290	November 25, 2020
HCSEC-2020-21 - Nomad File Sandbox Escape via Template and Artifact Stanzas security-nomad	0	4287	November 25, 2020
HCSEC-2022-12 - Vault’s Login MFA Configuration And Enforcement Not Reloaded After Restart security-vault	0	4269	May 16, 2022
HCSEC-2020-04 - Consul's Health Check API Endpoints May Disclose Information security-consul	0	4250	November 25, 2020
HCSEC-2020-17 - Vault’s GCP Auth Method Allows Authentication Bypass security-vault	0	4243	November 25, 2020
HCSEC-2020-11 - Consul Legacy ACL Permission Changes Not Propagated to Secondary Datacenters security-consul	0	4230	November 25, 2020
HCSEC-2020-22 - Consul Operator Read ACL Enables Connect Service Masquerading security-consul	0	4216	November 25, 2020
HCSEC-2020-19 - Consul Enterprise Namespace Config Entry Replication Denial of Service security-consul	0	4214	November 25, 2020
HCSEC-2020-07 - Vault Enterprise Prefixed Mount Policies May Result In Unauthorized Namespace Access security-vault	0	4206	November 25, 2020
HCSEC-2020-12 - Consul Local ACL Token Can Be Used in Remote Datacenters security-consul	0	4201	November 25, 2020
HCSEC-2020-13 - Vault Proxy Environment Variable Was Logged to STDOUT security-vault	0	4181	November 25, 2020
HCSEC-2020-09 - Vault's GCP Secrets Engine Service Account Keys Not Enforcing Configured TTL security-vault	0	4168	November 25, 2020
HCSEC-2020-05 - Nomad's mTLS Authorization Mechanism Susceptible to Privilege Escalation security-nomad	0	4160	November 25, 2020
HCSEC-2020-18 - Vault SSH Helper Validated IP Addresses Incorrectly security-vault	0	4157	November 25, 2020
HCSEC-2024-10 - Vault Enterprise Leaks Sensitive HTTP Request Headers in Audit Log When Deployed With a Performance Standby Node security-vault	0	4144	April 30, 2024
HCSEC-2020-01 - Nomad’s HTTP/RPC Services Allow Unbounded Resource Usage, Susceptible to Unauthenticated Denial of Service security-nomad	0	4137	November 25, 2020
HCSEC-2020-10 - Consul Server Crash With Invalid Service-Router Config Entry security-consul	0	4133	November 25, 2020
HCSEC-2020-08 - Nomad's Raw File View Vulnerable to Cross-Site Scripting security-nomad	0	4126	November 25, 2020
HCSEC-2020-06 - Vault Auth Groups Not Removed In Certain Circumstances security-vault	0	4095	November 25, 2020
HCSEC-2024-11 - Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims security-vault	0	4015	June 12, 2024
HCSEC-2022-21 - Updates to HashiCorp Subprocessors Page	0	3860	September 28, 2022
HCSEC-2024-06 - HashiCorp Response to XZ Utils Supply Chain Attack (CVE-2024-3094)	0	3777	April 2, 2024
HCSEC-2024-28 - Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service security-boundary	0	609	December 12, 2024
HCSEC-2024-13 - HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation	0	3370	June 25, 2024
HCSEC-2024-08 - Updates to HashiCorp Subprocessors	0	3368	April 11, 2024
HCSEC-2024-21 - Vault Operators in Root Namespace May Elevate Their Privileges security-vault	0	3179	October 10, 2024
HCSEC-2024-18 - Vault Leaks Client Token and Token Accessor in Audit Devices security-vault	0	3043	August 31, 2024
HCSEC-2025-24 - Vault Denial of Service Though Complex JSON Payloads security-vault	0	2627	August 28, 2025
HCSEC-2025-21 - Vault User Enumeration in Userpass Auth Method security-vault	1	1816	February 13, 2026
HCSEC-2024-20 - Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default security-vault	0	2548	September 26, 2024
HCSEC-2025-13 - Vault Root Namespace Operator May Elevate Token Privileges security-vault	0	2338	August 1, 2025
HCSEC-2024-14 - Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior security-vault	0	2264	July 11, 2024
HCSEC-2024-12 - go-retryablehttp can leak basic auth credentials to log files	0	2218	June 21, 2024
HCSEC-2025-09 - Vault May Expose Sensitive Information in Error Logs When Processing Malformed Data With the KV v2 Plugin security-vault	0	2189	May 2, 2025
HCSEC-2025-20 - Vault LDAP MFA Enforcement Bypass When Using Username As Alias security-vault	0	2038	August 6, 2025
HCSEC-2025-31- Vault Vulnerable to Denial of Service Due to Rate Limit Regression security-vault	0	1834	October 23, 2025