|
HCSEC-2025-04 - Nomad Exposes Sensitive Workload Identity and Client Secret Token in Audit Logs
|
|
0
|
722
|
March 10, 2025
|
|
HCSEC-2025-03 - HashiCorp Hermes Improperly Validates AWS ALB JWTs, which May Lead to Authentication Bypass
|
|
0
|
644
|
February 20, 2025
|
|
HCSEC-2025-02 - Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace
|
|
0
|
626
|
February 12, 2025
|
|
HCSEC-2025-01 - HashiCorp go-slug Vulnerable to Zip Slip Attack
|
|
0
|
1066
|
January 21, 2025
|
|
HCSEC-2024-29 - Nomad Allocations Vulnerable To Privilege Escalation Within A Namespace Using Unredacted Workload Identity Token
|
|
0
|
620
|
December 20, 2024
|
|
HCSEC-2024-28 - Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service
|
|
0
|
604
|
December 12, 2024
|
|
HCSEC-2024-27 - Nomad Vulnerable To Cross-Namespace Volume Creation Abusing CSI Write Permission
|
|
0
|
878
|
November 7, 2024
|
|
HCSEC-2024-26 - Vault Vulnerable to Denial of Service Through Memory Exhaustion When Processing Raft Cluster Join Requests
|
|
0
|
1776
|
October 31, 2024
|
|
HCSEC-2024-24 - Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation
|
|
0
|
1445
|
October 30, 2024
|
|
HCSEC-2024-23 - Consul L7 Intentions Vulnerable To Headers Bypass
|
|
0
|
1328
|
October 30, 2024
|
|
HCSEC-2024-22 - Consul L7 Intentions Vulnerable To URL Path Bypass
|
|
0
|
1471
|
October 30, 2024
|
|
HCSEC-2024-25 - Vagrant VMware Utility installation files vulnerable to modification by unprivileged user
|
|
0
|
991
|
October 29, 2024
|
|
HCSEC-2024-21 - Vault Operators in Root Namespace May Elevate Their Privileges
|
|
0
|
3165
|
October 10, 2024
|
|
HCSEC-2024-20 - Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
|
|
0
|
2536
|
September 26, 2024
|
|
HCSEC-2024-19 - Terraform Enterprise’s Single Sign-On And Ruby SAML’s CVE-2024-45409
|
|
1
|
1293
|
October 21, 2024
|
|
HCSEC-2024-18 - Vault Leaks Client Token and Token Accessor in Audit Devices
|
|
0
|
3032
|
August 31, 2024
|
|
HCSEC-2024-17 - Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking
|
|
0
|
1407
|
August 14, 2024
|
|
HCSEC-2024-16 - Consul UI Development Workflows Vulnerable to Dependency Confusion
|
|
0
|
1003
|
July 25, 2024
|
|
HCSEC-2024-15 - Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking
|
|
0
|
1375
|
July 22, 2024
|
|
HCSEC-2024-14 - Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior
|
|
0
|
2258
|
July 11, 2024
|
|
HCSEC-2024-13 - HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
|
|
0
|
3360
|
June 25, 2024
|
|
HCSEC-2024-12 - go-retryablehttp can leak basic auth credentials to log files
|
|
0
|
2211
|
June 21, 2024
|
|
HCSEC-2024-11 - Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
|
|
0
|
3996
|
June 12, 2024
|
|
HCSEC-2024-10 - Vault Enterprise Leaks Sensitive HTTP Request Headers in Audit Log When Deployed With a Performance Standby Node
|
|
0
|
4140
|
April 30, 2024
|
|
HCSEC-2024-09 - HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches
|
|
0
|
6893
|
April 17, 2024
|
|
HCSEC-2024-08 - Updates to HashiCorp Subprocessors
|
|
0
|
3366
|
April 11, 2024
|
|
HCSEC-2024-07 - Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses
|
|
0
|
5418
|
April 4, 2024
|
|
HCSEC-2024-06 - HashiCorp Response to XZ Utils Supply Chain Attack (CVE-2024-3094)
|
|
0
|
3772
|
April 2, 2024
|
|
HCSEC-2024-05 - Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates
|
|
0
|
10122
|
March 4, 2024
|
|
HCSEC-2024-04 - Terraform Registry Module Supply Chain Security Improvements
|
|
0
|
5113
|
February 15, 2024
|