HCSEC-2021-17 - Consul’s Envoy TLS Configuration Did Not Validate Destination Service Subject Alternative Names
|
|
0
|
6785
|
July 15, 2021
|
HCSEC-2021-16 - Consul’s Application-Aware Intentions Deny Action Fails Open When Combined With Default Deny Policy
|
|
0
|
7281
|
July 15, 2021
|
HCSEC-2021-15 - Vault Renewed Nearly-Expired Leases With Incorrect Non-Expiring TTLs
|
|
1
|
7424
|
June 2, 2021
|
HCSEC-2021-14 - Nomad Bridge Networking Mode Allows ARP Spoofing From Other Bridged Tasks On Same Node
|
|
0
|
7427
|
May 12, 2021
|
HCSEC-2021-13 - Vault GitHub Action Did Not Correctly Mask Multi-Line Secrets In Output
|
|
0
|
6671
|
May 6, 2021
|
HCSEC-2021-12 - Codecov Security Event and HashiCorp GPG Key Exposure
|
|
2
|
64658
|
May 4, 2021
|
HCSEC-2021-11 - Terraform’s Vault Provider Did Not Correctly Configure Bound Labels for GCP Auth
|
|
0
|
7097
|
April 21, 2021
|
HCSEC-2021-10 - Vault’s Cassandra Integrations Did Not Validate TLS Certificates
|
|
0
|
6731
|
April 21, 2021
|
HCSEC-2021-09 - Vault’s PKI Engine CRL May Exclude Revoked But Unexpired Certificates After Tidy
|
|
0
|
7472
|
April 21, 2021
|
HCSEC-2021-08 - Consul Enterprise Audit Log Bypass for HTTP Events
|
|
0
|
6672
|
April 19, 2021
|
HCSEC-2021-07 - Consul API KV Endpoint Vulnerable to Cross-Site Scripting
|
|
0
|
7928
|
April 19, 2021
|
HCSEC-2021-06 - Terraform Enterprise Organization-Level MFA Requirement Was Not Enforced
|
|
0
|
6569
|
March 23, 2021
|
HCSEC-2021-05 - Vault Enterprise’s DR Secondaries Exposed License Metadata Without Authentication
|
|
0
|
6447
|
February 26, 2021
|
HCSEC-2021-04 - Vault Enterprise’s DR Secondaries Allowed Raft Peer Removal Without Authentication
|
|
0
|
6801
|
January 29, 2021
|
HCSEC-2021-03 - Vault API Endpoint Allowed Enumeration of Secrets Engine Mount Paths Without Authentication
|
|
0
|
7351
|
January 29, 2021
|
HCSEC-2021-02 - Vault API Endpoint Exposed Internal IP Address Without Authentication
|
|
0
|
7033
|
January 29, 2021
|
HCSEC-2021-01 - Nomad’s Exec and Java Task Drivers Did Not Isolate Processes
|
|
0
|
6386
|
January 29, 2021
|
HCSEC-2020-25 - Vault’s LDAP Auth Method Allows User Enumeration
|
|
0
|
7019
|
December 16, 2020
|
HCSEC-2020-24 - Vault Enterprise’s Sentinel EGP Policies May Impact Parent or Sibling Namespaces
|
|
0
|
6387
|
December 16, 2020
|
HCSEC-2020-23 - Nomad File Sandbox Escape via Container Volume Mount
|
|
0
|
3725
|
November 25, 2020
|
HCSEC-2020-22 - Consul Operator Read ACL Enables Connect Service Masquerading
|
|
0
|
3569
|
November 25, 2020
|
HCSEC-2020-21 - Nomad File Sandbox Escape via Template and Artifact Stanzas
|
|
0
|
3648
|
November 25, 2020
|
HCSEC-2020-20 - Vault Leases Created with Batch Tokens have Invalid Expiration
|
|
1
|
3878
|
September 2, 2021
|
HCSEC-2020-19 - Consul Enterprise Namespace Config Entry Replication Denial of Service
|
|
0
|
3549
|
November 25, 2020
|
HCSEC-2020-18 - Vault SSH Helper Validated IP Addresses Incorrectly
|
|
0
|
3519
|
November 25, 2020
|
HCSEC-2020-17 - Vault’s GCP Auth Method Allows Authentication Bypass
|
|
0
|
3591
|
November 25, 2020
|
HCSEC-2020-16 - Vault’s AWS Auth Method Allows Authentication Bypass
|
|
0
|
3742
|
November 25, 2020
|
HCSEC-2020-15 - Terraform Enterprise Allowed Local Account Creation Bypassing SSO
|
|
0
|
4207
|
November 25, 2020
|
HCSEC-2020-14 - Consul DNS and HTTP Cache Abuse Denial of Service
|
|
0
|
3589
|
November 25, 2020
|
HCSEC-2020-13 - Vault Proxy Environment Variable Was Logged to STDOUT
|
|
0
|
3530
|
November 25, 2020
|