Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hashicorp vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2023-5332
Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.
Gitlab Gitlab
Gitlab Gitlab 16.4.0
Hashicorp Consul
Hashicorp Consul 1.1.0
8.1
CVSSv3
CVE-2023-24999
HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, ...
Hashicorp Vault
8.1
CVSSv3
CVE-2021-42135
HashiCorp Vault and Vault Enterprise 1.8.x up to and including 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the ...
Hashicorp Vault
8.1
CVSSv3
CVE-2019-8336
HashiCorp Consul (and Consul Enterprise) 1.4.x prior to 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "<hidden>" as its secret is use...
Hashicorp Consul
8.1
CVSSv3
CVE-2018-19786
HashiCorp Vault prior to 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.
Hashicorp Vault
8
CVSSv3
CVE-2024-1052
Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use...
Hashicorp Boundary
7.8
CVSSv3
CVE-2023-5834
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.
Hashicorp Vagrant
7.8
CVSSv3
CVE-2023-4782
Terraform version 1.0.8 up to and including 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7.
Hashicorp Terraform
7.8
CVSSv3
CVE-2022-42717
An issue exists in Hashicorp Packer prior to 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to ex...
Hashicorp Vagrant
7.8
CVSSv3
CVE-2017-16512
The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 up to and including 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available.
Hashicorp Vagrant Vmware Fusion
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »