Security

Topic	Replies	Views	Activity
HCSEC-2022-08 - Vault Enterprise’s Tokenization Transform Configuration Endpoint May Expose Transform Key security-vault	0	2691	March 4, 2022
HCSEC-2022-07 - Consul’s Connect Service Mesh Affected By Recent Envoy Security Releases security-consul	0	1439	March 1, 2022
HCSEC-2022-06 - Terraform Enterprise May Capture Sensitive Data In Logs security-terraform	0	3036	February 24, 2022
HCSEC-2022-05 - Consul Ingress Gateway Panic Can Shutdown Servers security-consul	0	2787	February 15, 2022
HCSEC-2022-04 - Nomad Spread Job Stanza May Trigger Panic in Servers security-nomad	0	2857	February 11, 2022
HCSEC-2022-03 - Nomad Malformed Job Parsing Results in Excessive CPU Usage security-nomad	0	2677	February 11, 2022
HCSEC-2022-02 - Nomad alloc Filesystem and Container Escape security-nomad	0	2781	February 11, 2022
HCSEC-2022-01 - Nomad Artifact Download Race Condition security-nomad	0	3066	February 11, 2022
HCSEC-2021-34 - Vault, Consul, Boundary, and Waypoint Affected By Denial of Service in Golang’s net/http (CVE-2021-44716) security-consul , security-vault , security-boundary , security-waypoint	0	1767	December 22, 2021
HCSEC-2021-33 - Vault’s KV Secrets Engine With Integrated Storage Exposed to Authenticated Denial of Service security-vault	0	2685	December 14, 2021
HCSEC-2021-32 - HashiCorp Response to Apache Log4j 2 Security Issue (CVE-2021-44228)	2	6794	December 22, 2021
HCSEC-2021-31 - Nomad QEMU Task Driver Allowed Paths Bypass with Job Args security-nomad	0	2594	November 23, 2021
HCSEC-2021-30 - Vault's Templated ACL Policies Matched First-Created Alias Per Entity and Auth Backend security-vault	1	3537	January 6, 2022
HCSEC-2021-29 - Consul Enterprise Namespace Default ACLs Allow Privilege Escalation security-consul	0	3388	November 13, 2021
HCSEC-2021-28 - Vault's Google Cloud Secrets Engine Policies With Globs May Provide Additional Privileges in Vault 1.8.0 Onwards security-vault	0	2792	October 7, 2021
HCSEC-2021-27 - Vault Merging Multiple Entity Aliases for the Same Mount May Allow Privilege Escalation security-vault	0	3264	October 7, 2021
HCSEC-2021-26 - Nomad Denial Of Service Via Submission Of Incomplete Job Specification Using Consul Mesh Gateway & Host Network security-nomad	0	2302	October 5, 2021
HCSEC-2021-25 - Terraform Enterprise Configuration Versions API Discloses Sensitive URL security-terraform	0	2786	September 14, 2021
HCSEC-2021-24 - Consul Missing Authorization Check on Txn.Apply Endpoint security-consul	0	3048	September 1, 2021
HCSEC-2021-23 - Consul Exposed to Denial of Service in GoGo Protobuf Dependency security-consul	0	3912	September 1, 2021
HCSEC-2021-22 - Consul Raft RPC Privilege Escalation security-consul	0	4291	September 1, 2021
HCSEC-2021-21 - Nomad Raft RPC Privilege Escalation security-nomad	0	2475	September 1, 2021
HCSEC-2021-20 - Vault’s Integrated Storage Backend Database File May Have Excessively Broad Permissions security-vault	1	3938	September 2, 2021
HCSEC-2021-19 - Vault’s UI Cached User-Viewed Secrets Between Shared Browser Sessions security-vault	0	3029	August 12, 2021
HCSEC-2021-18 - Terraform Enterprise Allowed Privilege Escalation Via Run Token security-terraform	0	2761	July 20, 2021
HCSEC-2021-17 - Consul’s Envoy TLS Configuration Did Not Validate Destination Service Subject Alternative Names security-consul	0	2819	July 15, 2021
HCSEC-2021-16 - Consul’s Application-Aware Intentions Deny Action Fails Open When Combined With Default Deny Policy security-consul	0	3041	July 15, 2021
HCSEC-2021-15 - Vault Renewed Nearly-Expired Leases With Incorrect Non-Expiring TTLs security-vault	1	3761	June 2, 2021
HCSEC-2021-14 - Nomad Bridge Networking Mode Allows ARP Spoofing From Other Bridged Tasks On Same Node security-nomad	0	3822	May 12, 2021
HCSEC-2021-13 - Vault GitHub Action Did Not Correctly Mask Multi-Line Secrets In Output security-vault	0	3054	May 6, 2021