|
HCSEC-2021-33 - Vault’s KV Secrets Engine With Integrated Storage Exposed to Authenticated Denial of Service
|
|
0
|
2096
|
December 14, 2021
|
|
HCSEC-2021-32 - HashiCorp Response to Apache Log4j 2 Security Issue (CVE-2021-44228)
|
|
2
|
6196
|
December 22, 2021
|
|
HCSEC-2021-31 - Nomad QEMU Task Driver Allowed Paths Bypass with Job Args
|
|
0
|
1972
|
November 23, 2021
|
|
HCSEC-2021-30 - Vault's Templated ACL Policies Matched First-Created Alias Per Entity and Auth Backend
|
|
1
|
2900
|
January 6, 2022
|
|
HCSEC-2021-29 - Consul Enterprise Namespace Default ACLs Allow Privilege Escalation
|
|
0
|
2497
|
November 13, 2021
|
|
HCSEC-2021-28 - Vault's Google Cloud Secrets Engine Policies With Globs May Provide Additional Privileges in Vault 1.8.0 Onwards
|
|
0
|
2187
|
October 7, 2021
|
|
HCSEC-2021-27 - Vault Merging Multiple Entity Aliases for the Same Mount May Allow Privilege Escalation
|
|
0
|
2637
|
October 7, 2021
|
|
HCSEC-2021-26 - Nomad Denial Of Service Via Submission Of Incomplete Job Specification Using Consul Mesh Gateway & Host Network
|
|
0
|
1722
|
October 5, 2021
|
|
HCSEC-2021-25 - Terraform Enterprise Configuration Versions API Discloses Sensitive URL
|
|
0
|
2158
|
September 14, 2021
|
|
HCSEC-2021-24 - Consul Missing Authorization Check on Txn.Apply Endpoint
|
|
0
|
2500
|
September 1, 2021
|
|
HCSEC-2021-23 - Consul Exposed to Denial of Service in GoGo Protobuf Dependency
|
|
0
|
3086
|
September 1, 2021
|
|
HCSEC-2021-22 - Consul Raft RPC Privilege Escalation
|
|
0
|
3564
|
September 1, 2021
|
|
HCSEC-2021-21 - Nomad Raft RPC Privilege Escalation
|
|
0
|
1895
|
September 1, 2021
|
|
HCSEC-2021-20 - Vault’s Integrated Storage Backend Database File May Have Excessively Broad Permissions
|
|
1
|
3255
|
September 2, 2021
|
|
HCSEC-2021-19 - Vault’s UI Cached User-Viewed Secrets Between Shared Browser Sessions
|
|
0
|
2433
|
August 12, 2021
|
|
HCSEC-2021-18 - Terraform Enterprise Allowed Privilege Escalation Via Run Token
|
|
0
|
2153
|
July 20, 2021
|
|
HCSEC-2021-17 - Consul’s Envoy TLS Configuration Did Not Validate Destination Service Subject Alternative Names
|
|
0
|
2251
|
July 15, 2021
|
|
HCSEC-2021-16 Consul’s Application-Aware Intentions Deny Action Fails Open When Combined With Default Deny Policy
|
|
0
|
2436
|
July 15, 2021
|
|
HCSEC-2021-15 - Vault Renewed Nearly-Expired Leases With Incorrect Non-Expiring TTLs
|
|
1
|
3152
|
June 2, 2021
|
|
HCSEC-2021-14 - Nomad Bridge Networking Mode Allows ARP Spoofing From Other Bridged Tasks On Same Node
|
|
0
|
3236
|
May 12, 2021
|
|
HCSEC-2021-13 - Vault GitHub Action Did Not Correctly Mask Multi-Line Secrets In Output
|
|
0
|
2452
|
May 6, 2021
|
|
HCSEC-2021-12 - Codecov Security Event and HashiCorp GPG Key Exposure
|
|
2
|
53795
|
May 4, 2021
|
|
HCSEC-2021-11 - Terraform’s Vault Provider Did Not Correctly Configure Bound Labels for GCP Auth
|
|
0
|
2768
|
April 21, 2021
|
|
HCSEC-2021-10 - Vault’s Cassandra Integrations Did Not Validate TLS Certificates
|
|
0
|
2935
|
April 21, 2021
|
|
HCSEC-2021-09 - Vault’s PKI Engine CRL May Exclude Revoked But Unexpired Certificates After Tidy
|
|
0
|
2969
|
April 21, 2021
|
|
HCSEC-2021-08 - Consul Enterprise Audit Log Bypass for HTTP Events
|
|
0
|
2556
|
April 19, 2021
|
|
HCSEC-2021-07 - Consul API KV Endpoint Vulnerable to Cross-Site Scripting
|
|
0
|
2793
|
April 19, 2021
|
|
HCSEC-2021-06 - Terraform Enterprise Organization-Level MFA Requirement Was Not Enforced
|
|
0
|
2492
|
March 23, 2021
|
|
HCSEC-2021-05 - Vault Enterprise’s DR Secondaries Exposed License Metadata Without Authentication
|
|
0
|
2530
|
February 26, 2021
|
|
HCSEC-2021-04 - Vault Enterprise’s DR Secondaries Allowed Raft Peer Removal Without Authentication
|
|
0
|
2676
|
January 29, 2021
|