Security

Topic	Replies	Views	Activity
HCSEC-2025-18 - Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates security-vault	0	1472	August 1, 2025
HCSEC-2025-17 - Vault TOTP Secrets Engine Code Reuse security-vault	0	1503	August 1, 2025
HCSEC-2025-16 - Vault Userpass and LDAP User Lockout Bypass security-vault	0	1711	August 1, 2025
HCSEC-2025-15 - Timing Side-Channel in Vault’s Userpass Auth Method security-vault	0	1495	August 1, 2025
HCSEC-2025-14 - Privileged Vault Operator May Execute Code on the Underlying Host security-vault	0	5398	August 1, 2025
HCSEC-2025-13 - Vault Root Namespace Operator May Elevate Token Privileges security-vault	0	2379	August 1, 2025
HCSEC-2025-11 Vault Vulnerable to Recovery Key Cancellation Denial of Service security-vault	0	1307	June 25, 2025
HCSEC-2025-12 - Nomad Vulnerable To Incorrect ACL Policy Lookup Attached To A Job security-nomad	0	944	June 11, 2025
HCSEC-2025-10 - Update to HashiCorp Data Transfer Impact Assessment	0	280	May 23, 2025
HCSEC-2025-08 - Nomad Enterprise Vulnerable To Violation Of Mandatory Sentinel Policies in Job Submissions via Policy Override security-nomad	0	673	May 13, 2025
HCSEC-2025-09 - Vault May Expose Sensitive Information in Error Logs When Processing Malformed Data With the KV v2 Plugin security-vault	0	2247	May 2, 2025
HCSEC-2025-07 - Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login security-vault	0	1047	May 2, 2025
HCSEC-2025-06 - Updates to HashiCorp Subprocessors	0	348	March 31, 2025
HCSEC-2025-05 - Terraform Enterprise’s Single Sign-On and Ruby SAML’s CVE-2025-25291 and CVE-2025-25292 security-terraform	0	780	March 13, 2025
HCSEC-2025-04 - Nomad Exposes Sensitive Workload Identity and Client Secret Token in Audit Logs security-nomad	0	751	March 10, 2025
HCSEC-2025-03 - HashiCorp Hermes Improperly Validates AWS ALB JWTs, which May Lead to Authentication Bypass	0	669	February 20, 2025
HCSEC-2025-02 - Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace security-nomad	0	642	February 12, 2025
HCSEC-2025-01 - HashiCorp go-slug Vulnerable to Zip Slip Attack	0	1089	January 21, 2025
HCSEC-2024-29 - Nomad Allocations Vulnerable To Privilege Escalation Within A Namespace Using Unredacted Workload Identity Token security-nomad	0	659	December 20, 2024
HCSEC-2024-28 - Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service security-boundary	0	619	December 12, 2024
HCSEC-2024-27 - Nomad Vulnerable To Cross-Namespace Volume Creation Abusing CSI Write Permission security-nomad	0	893	November 7, 2024
HCSEC-2024-26 - Vault Vulnerable to Denial of Service Through Memory Exhaustion When Processing Raft Cluster Join Requests security-vault	0	1792	October 31, 2024
HCSEC-2024-24 - Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation security-consul	0	1478	October 30, 2024
HCSEC-2024-23 - Consul L7 Intentions Vulnerable To Headers Bypass security-consul	0	1349	October 30, 2024
HCSEC-2024-22 - Consul L7 Intentions Vulnerable To URL Path Bypass security-consul	0	1504	October 30, 2024
HCSEC-2024-25 - Vagrant VMware Utility installation files vulnerable to modification by unprivileged user security-vagrant	0	1011	October 29, 2024
HCSEC-2024-21 - Vault Operators in Root Namespace May Elevate Their Privileges security-vault	0	3192	October 10, 2024
HCSEC-2024-20 - Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default security-vault	0	2561	September 26, 2024
HCSEC-2024-19 - Terraform Enterprise’s Single Sign-On And Ruby SAML’s CVE-2024-45409 security-terraform	1	1305	October 21, 2024
HCSEC-2024-18 - Vault Leaks Client Token and Token Accessor in Audit Devices security-vault	0	3055	August 31, 2024