Security

Topic	Replies	Views	Activity
HCSEC-2021-17 - Consul’s Envoy TLS Configuration Did Not Validate Destination Service Subject Alternative Names security-consul	0	6785	July 15, 2021
HCSEC-2021-16 - Consul’s Application-Aware Intentions Deny Action Fails Open When Combined With Default Deny Policy security-consul	0	7281	July 15, 2021
HCSEC-2021-15 - Vault Renewed Nearly-Expired Leases With Incorrect Non-Expiring TTLs security-vault	1	7424	June 2, 2021
HCSEC-2021-14 - Nomad Bridge Networking Mode Allows ARP Spoofing From Other Bridged Tasks On Same Node security-nomad	0	7427	May 12, 2021
HCSEC-2021-13 - Vault GitHub Action Did Not Correctly Mask Multi-Line Secrets In Output security-vault	0	6671	May 6, 2021
HCSEC-2021-12 - Codecov Security Event and HashiCorp GPG Key Exposure security-nomad , security-consul , security-vault , security-terraform	2	64658	May 4, 2021
HCSEC-2021-11 - Terraform’s Vault Provider Did Not Correctly Configure Bound Labels for GCP Auth security-vault , security-terraform	0	7097	April 21, 2021
HCSEC-2021-10 - Vault’s Cassandra Integrations Did Not Validate TLS Certificates security-vault	0	6731	April 21, 2021
HCSEC-2021-09 - Vault’s PKI Engine CRL May Exclude Revoked But Unexpired Certificates After Tidy security-vault	0	7472	April 21, 2021
HCSEC-2021-08 - Consul Enterprise Audit Log Bypass for HTTP Events security-consul	0	6672	April 19, 2021
HCSEC-2021-07 - Consul API KV Endpoint Vulnerable to Cross-Site Scripting security-consul	0	7928	April 19, 2021
HCSEC-2021-06 - Terraform Enterprise Organization-Level MFA Requirement Was Not Enforced security-terraform	0	6569	March 23, 2021
HCSEC-2021-05 - Vault Enterprise’s DR Secondaries Exposed License Metadata Without Authentication security-vault	0	6447	February 26, 2021
HCSEC-2021-04 - Vault Enterprise’s DR Secondaries Allowed Raft Peer Removal Without Authentication security-vault	0	6801	January 29, 2021
HCSEC-2021-03 - Vault API Endpoint Allowed Enumeration of Secrets Engine Mount Paths Without Authentication security-vault	0	7351	January 29, 2021
HCSEC-2021-02 - Vault API Endpoint Exposed Internal IP Address Without Authentication security-vault	0	7033	January 29, 2021
HCSEC-2021-01 - Nomad’s Exec and Java Task Drivers Did Not Isolate Processes security-nomad	0	6386	January 29, 2021
HCSEC-2020-25 - Vault’s LDAP Auth Method Allows User Enumeration security-vault	0	7019	December 16, 2020
HCSEC-2020-24 - Vault Enterprise’s Sentinel EGP Policies May Impact Parent or Sibling Namespaces security-vault	0	6387	December 16, 2020
HCSEC-2020-23 - Nomad File Sandbox Escape via Container Volume Mount security-nomad	0	3725	November 25, 2020
HCSEC-2020-22 - Consul Operator Read ACL Enables Connect Service Masquerading security-consul	0	3569	November 25, 2020
HCSEC-2020-21 - Nomad File Sandbox Escape via Template and Artifact Stanzas security-nomad	0	3648	November 25, 2020
HCSEC-2020-20 - Vault Leases Created with Batch Tokens have Invalid Expiration security-vault	1	3878	September 2, 2021
HCSEC-2020-19 - Consul Enterprise Namespace Config Entry Replication Denial of Service security-consul	0	3549	November 25, 2020
HCSEC-2020-18 - Vault SSH Helper Validated IP Addresses Incorrectly security-vault	0	3519	November 25, 2020
HCSEC-2020-17 - Vault’s GCP Auth Method Allows Authentication Bypass security-vault	0	3591	November 25, 2020
HCSEC-2020-16 - Vault’s AWS Auth Method Allows Authentication Bypass security-vault	0	3742	November 25, 2020
HCSEC-2020-15 - Terraform Enterprise Allowed Local Account Creation Bypassing SSO security-terraform	0	4207	November 25, 2020
HCSEC-2020-14 - Consul DNS and HTTP Cache Abuse Denial of Service security-consul	0	3589	November 25, 2020
HCSEC-2020-13 - Vault Proxy Environment Variable Was Logged to STDOUT security-vault	0	3530	November 25, 2020