|
HCSEC-2024-17 - Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking
|
|
0
|
1422
|
August 14, 2024
|
|
HCSEC-2024-16 - Consul UI Development Workflows Vulnerable to Dependency Confusion
|
|
0
|
1018
|
July 25, 2024
|
|
HCSEC-2024-15 - Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking
|
|
0
|
1393
|
July 22, 2024
|
|
HCSEC-2024-14 - Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior
|
|
0
|
2282
|
July 11, 2024
|
|
HCSEC-2024-13 - HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
|
|
0
|
3387
|
June 25, 2024
|
|
HCSEC-2024-12 - go-retryablehttp can leak basic auth credentials to log files
|
|
0
|
2238
|
June 21, 2024
|
|
HCSEC-2024-11 - Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
|
|
0
|
4037
|
June 12, 2024
|
|
HCSEC-2024-10 - Vault Enterprise Leaks Sensitive HTTP Request Headers in Audit Log When Deployed With a Performance Standby Node
|
|
0
|
4156
|
April 30, 2024
|
|
HCSEC-2024-09 - HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches
|
|
0
|
6945
|
April 17, 2024
|
|
HCSEC-2024-08 - Updates to HashiCorp Subprocessors
|
|
0
|
3375
|
April 11, 2024
|
|
HCSEC-2024-07 - Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses
|
|
0
|
5448
|
April 4, 2024
|
|
HCSEC-2024-06 - HashiCorp Response to XZ Utils Supply Chain Attack (CVE-2024-3094)
|
|
0
|
3782
|
April 2, 2024
|
|
HCSEC-2024-05 - Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates
|
|
0
|
10182
|
March 4, 2024
|
|
HCSEC-2024-04 - Terraform Registry Module Supply Chain Security Improvements
|
|
0
|
5178
|
February 15, 2024
|
|
HCSEC-2024-03 - Nomad Vulnerable to Arbitrary Write Through Symlink Attack
|
|
0
|
6572
|
February 8, 2024
|
|
HCSEC-2024-02 - Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering
|
|
0
|
5870
|
February 5, 2024
|
|
HCSEC-2024-01 - Vault May Expose Sensitive Information When Configuring An Audit Log Device
|
|
0
|
6618
|
February 1, 2024
|
|
HCSEC-2023-34 - Vault Vulnerable to Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
|
|
0
|
9597
|
December 8, 2023
|
|
HCSEC-2023-33 - Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption
|
|
0
|
7998
|
November 9, 2023
|
|
HCSEC-2023-32 - Vault, Consul, and Boundary Affected By HTTP/2 “Rapid Reset” Denial of Service Vulnerability (CVE-2023-44487)
|
|
0
|
14018
|
November 2, 2023
|
|
HCSEC-2023-31 - Vagrant’s Windows Installer Allowed Directory Junction Write
|
|
0
|
7553
|
October 27, 2023
|
|
HCSEC-2023-30 - Vault’s Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets
|
|
0
|
7925
|
September 28, 2023
|
|
HCSEC-2023-29 - Vault Enterprise’s Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service
|
|
0
|
8013
|
September 28, 2023
|
|
HCSEC-2023-28 - Vault’s Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption
|
|
0
|
8507
|
September 14, 2023
|
|
HCSEC-2023-27 - Terraform Allows Arbitrary File Write During Init Operation
|
|
0
|
9620
|
September 8, 2023
|
|
HCSEC-2023-26 - Terraform’s Handling Of Duplicate Map Keys In Configurations May Have Security Implications
|
|
0
|
7437
|
August 24, 2023
|
|
HCSEC-2023-25 - Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers
|
|
0
|
8025
|
August 8, 2023
|
|
HCSEC-2023-24 - Vault's LDAP Auth Method Allows for User Enumeration
|
|
0
|
8430
|
July 31, 2023
|
|
HCSEC-2023-23 - Vault Enterprise Namespace Creation May Lead to Denial of Service
|
|
0
|
8055
|
July 28, 2023
|
|
HCSEC-2023-22 - Nomad Search API Leaks Information About CSI Plugins
|
|
0
|
5836
|
July 19, 2023
|