Vulmon
hashicorp vulnerabilities and exploits
5.3
CVSSv3
CVE-2020-25594
HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
Hashicorp Vault
5.3
CVSSv3
CVE-2020-35453
HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.
Hashicorp Vault
9.1
CVSSv3
CVE-2022-40186
An issue exists in HashiCorp Vault and Vault Enterprise prior to 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue w...
Hashicorp Vault
7.5
CVSSv3
CVE-2021-32574
HashiCorp Consul and Consul Enterprise 1.3.0 up to and including 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1.
Hashicorp Consul
9.8
CVSSv3
CVE-2018-9057
aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote malicious users to obtain access by leveraging an IAM account that was provis...
Hashicorp Terraform
7.5
CVSSv3
CVE-2019-19316
When using the Azure backend with a shared access signature (SAS), Terraform versions before 0.12.17 may transmit the token and state snapshot using cleartext HTTP.
Hashicorp Terraform
7.5
CVSSv3
CVE-2021-28156
HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10.
Hashicorp Consul
7.8
CVSSv3
CVE-2023-4782
Terraform version 1.0.8 up to and including 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7.
Hashicorp Terraform
6.7
CVSSv3
CVE-2023-0620
HashiCorp Vault and Vault Enterprise versions 0.8.0 up to and including 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized ...
Hashicorp Vault
6.5
CVSSv3
CVE-2023-0665
HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate iss...
Hashicorp Vault