Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hashicorp vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2022-3867
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.
Hashicorp Nomad 1.4.0
Hashicorp Nomad 1.4.1
7.5
CVSSv3
CVE-2021-3282
HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.
Hashicorp Vault 1.6.0
Hashicorp Vault 1.6.1
8.6
CVSSv3
CVE-2022-30321
go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0.
Hashicorp Go-getter 2.0.2
Hashicorp Go-getter
8.6
CVSSv3
CVE-2022-30322
go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0.
Hashicorp Go-getter 2.0.2
Hashicorp Go-getter
8.6
CVSSv3
CVE-2022-30323
go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0.
Hashicorp Go-getter 2.0.2
Hashicorp Go-getter
9.8
CVSSv3
CVE-2022-26945
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0.
Hashicorp Go-getter 2.0.2
Hashicorp Go-getter
1 Github repository
6.5
CVSSv3
CVE-2023-0475
HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.
Hashicorp Go-getter
Hashicorp Go-getter 2.1.1
8.1
CVSSv3
CVE-2023-5332
Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
Hashicorp Consul
Hashicorp Consul 1.1.0
2.7
CVSSv3
CVE-2023-3299
HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.
Hashicorp Nomad
5.3
CVSSv3
CVE-2023-3300
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.
Hashicorp Nomad
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »