Known Vulnerabilities for products from HashiCorp
Listed below are 20 of the newest known vulnerabilities associated with the vendor "HashiCorp".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-39946 | | Not Provided | 2026-04-21 | 2026-04-21 |
| CVE-2026-39388 | | Not Provided | 2026-04-21 | 2026-04-21 |
| CVE-2026-4660 | | Not Provided | 2026-04-09 | 2026-04-13 |
| CVE-2023-25000 | HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timin... | 4.7 - MEDIUM | 2023-03-30 | 2023-05-26 |
| CVE-2023-24999 | HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy... | 8.1 - HIGH | 2023-03-11 | 2023-05-05 |
| CVE-2023-5954 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-11-09 | 2023-11-16 |
| CVE-2023-5834 | HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introduc... | 7.8 - HIGH | 2023-10-27 | 2023-11-13 |
| CVE-2023-5332 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.1 - HIGH | 2023-12-04 | 2023-12-07 |
| CVE-2023-5077 | The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions up... | 7.5 - HIGH | 2023-09-29 | 2023-10-02 |
| CVE-2023-4782 | Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted T... | 7.8 - HIGH | 2023-09-08 | 2023-09-12 |
| CVE-2023-4680 | HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with c... | 6.8 - MEDIUM | 2023-09-15 | 2023-09-20 |
| CVE-2023-3775 | A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can... | 4.9 - MEDIUM | 2023-09-29 | 2023-10-02 |
| CVE-2023-3774 | An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in de... | 4.9 - MEDIUM | 2023-07-28 | 2023-08-03 |
| CVE-2023-3518 | HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardles... | 7.3 - HIGH | 2023-08-09 | 2023-08-16 |
| CVE-2023-3462 | HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may su... | 5.3 - MEDIUM | 2023-07-31 | 2023-08-04 |
| CVE-2023-3300 | HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins t... | 5.3 - MEDIUM | 2023-07-20 | 2023-07-27 |
| CVE-2023-3299 | HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected ... | 2.7 - LOW | 2023-07-20 | 2023-07-27 |
| CVE-2023-3114 | Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace t... | 7.7 - HIGH | 2023-06-22 | 2023-07-03 |
| CVE-2023-3072 | HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpe... | 3.8 - LOW | 2023-07-20 | 2023-07-27 |
| CVE-2023-2816 | Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-d... | 6.5 - MEDIUM | 2023-06-02 | 2023-11-07 |
Known software with vulnerabilities from HashiCorp
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Hashicorp | Boundary | 0.1.0 |
| Application | Hashicorp | Consul | 0.1.0 |
| Application | Hashicorp | Consul Docker Image | 0.6.4 |
| Application | Hashicorp | Go-slug | 0.1.0 |
| Application | Hashicorp | Nomad | 0.0.0 |
| Application | Hashicorp | Packer | 0.1.0 |
| Application | Hashicorp | Sentinel | 0.1.0 |
| Application | Hashicorp | Terraform | 0.1.0 |
| Application | Hashicorp | Terraform Enterprise | 202007-1 |
| Application | Hashicorp | Vagrant | 5.0.1 |
| Application | Hashicorp | Vagrant Vmware Fusion | 2.3.5 |
| Application | Hashicorp | Vault | 0.1.0 |
| Application | Hashicorp | Vault-ssh-helper | - |
| Application | Hashicorp | Waypoint | 0.0.1 |