Security

Topic	Replies	Views	Activity
HCSEC-2024-05 - Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates security-vault	0	9467	March 4, 2024
HCSEC-2024-04 - Terraform Registry Module Supply Chain Security Improvements security-terraform	0	4925	February 15, 2024
HCSEC-2024-03 - Nomad Vulnerable to Arbitrary Write Through Symlink Attack security-nomad	0	6391	February 8, 2024
HCSEC-2024-02 - Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering security-boundary	0	5760	February 5, 2024
HCSEC-2024-01 - Vault May Expose Sensitive Information When Configuring An Audit Log Device security-vault	0	6363	February 1, 2024
HCSEC-2023-34 - Vault Vulnerable to Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests security-vault	0	9332	December 8, 2023
HCSEC-2023-33 - Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption security-vault	0	7838	November 9, 2023
HCSEC-2023-32 - Vault, Consul, and Boundary Affected By HTTP/2 “Rapid Reset” Denial of Service Vulnerability (CVE-2023-44487) security-consul , security-vault , security-boundary	0	13186	November 2, 2023
HCSEC-2023-31 - Vagrant’s Windows Installer Allowed Directory Junction Write security-vagrant	0	7445	October 27, 2023
HCSEC-2023-30 - Vault’s Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets security-vault	0	7812	September 28, 2023
HCSEC-2023-29 - Vault Enterprise’s Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service security-vault	0	7902	September 28, 2023
HCSEC-2023-28 - Vault’s Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption security-vault	0	8364	September 14, 2023
HCSEC-2023-27 - Terraform Allows Arbitrary File Write During Init Operation security-terraform	0	9250	September 8, 2023
HCSEC-2023-26 - Terraform’s Handling Of Duplicate Map Keys In Configurations May Have Security Implications security-terraform	0	7304	August 24, 2023
HCSEC-2023-25 - Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers security-consul	0	7871	August 8, 2023
HCSEC-2023-24 - Vault's LDAP Auth Method Allows for User Enumeration security-vault	0	8263	July 31, 2023
HCSEC-2023-23 - Vault Enterprise Namespace Creation May Lead to Denial of Service security-vault	0	7934	July 28, 2023
HCSEC-2023-22 - Nomad Search API Leaks Information About CSI Plugins security-nomad	0	5707	July 19, 2023
HCSEC-2023-21 - Nomad Caller ACL Token's Secret ID is Exposed to Sentinel security-nomad	0	5591	July 19, 2023
HCSEC-2023-20 - Nomad ACL Policies without Label are Applied to Unexpected Resources security-nomad	0	5798	July 19, 2023
HCSEC-2023-19 - Terraform Enterprise, Docker Engine, and Go’s CVE-2023-24540 security-terraform	1	7063	June 28, 2023
HCSEC-2023-18 - Terraform Enterprise Agent Pool Controls Allowed Unauthorized Workspaces to Target an Agent Pool security-terraform	0	6130	June 22, 2023
HCSEC-2023-17 - Vault’s KV Diff Viewer Allowed HTML Injection security-vault	0	6760	June 9, 2023
HCSEC-2023-16 - Consul Envoy Extension Downstream Proxy Configuration By Upstream Service Owner security-consul	0	6176	June 2, 2023
HCSEC-2023-15 - Consul Cluster Peering can Result in Denial of Service security-consul	0	6434	June 2, 2023
HCSEC-2023-14 - Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-Based Encryption Mechanism with a HSM security-vault	0	6059	May 1, 2023
HCSEC-2023-13 - Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation	0	6049	April 5, 2023
HCSEC-2023-12 - Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File security-vault	0	7360	March 30, 2023
HCSEC-2023-11 - Vault’s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata security-vault	0	6263	March 30, 2023
HCSEC-2023-10 - Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations security-vault	0	7742	March 30, 2023