Known Vulnerabilities for products from HashiCorp

Listed below are 20 of the newest known vulnerabilities associated with the vendor "HashiCorp".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-39946 json Not Provided 2026-04-21 2026-04-21
CVE-2026-39388 json Not Provided 2026-04-21 2026-04-21
CVE-2026-4660 json Not Provided 2026-04-09 2026-04-13
CVE-2023-25000 json HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timin... 4.7 - MEDIUM 2023-03-30 2023-05-26
CVE-2023-24999 json HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy... 8.1 - HIGH 2023-03-11 2023-05-05
CVE-2023-5954 json ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 7.5 - HIGH 2023-11-09 2023-11-16
CVE-2023-5834 json HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introduc... 7.8 - HIGH 2023-10-27 2023-11-13
CVE-2023-5332 json ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 8.1 - HIGH 2023-12-04 2023-12-07
CVE-2023-5077 json The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions up... 7.5 - HIGH 2023-09-29 2023-10-02
CVE-2023-4782 json Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted T... 7.8 - HIGH 2023-09-08 2023-09-12
CVE-2023-4680 json HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with c... 6.8 - MEDIUM 2023-09-15 2023-09-20
CVE-2023-3775 json A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can... 4.9 - MEDIUM 2023-09-29 2023-10-02
CVE-2023-3774 json An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in de... 4.9 - MEDIUM 2023-07-28 2023-08-03
CVE-2023-3518 json HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardles... 7.3 - HIGH 2023-08-09 2023-08-16
CVE-2023-3462 json HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may su... 5.3 - MEDIUM 2023-07-31 2023-08-04
CVE-2023-3300 json HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins t... 5.3 - MEDIUM 2023-07-20 2023-07-27
CVE-2023-3299 json HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected ... 2.7 - LOW 2023-07-20 2023-07-27
CVE-2023-3114 json Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace t... 7.7 - HIGH 2023-06-22 2023-07-03
CVE-2023-3072 json HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpe... 3.8 - LOW 2023-07-20 2023-07-27
CVE-2023-2816 json Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-d... 6.5 - MEDIUM 2023-06-02 2023-11-07

Known software with vulnerabilities from HashiCorp

Type Vendor Product Version
ApplicationHashicorpBoundary0.1.0
ApplicationHashicorpConsul0.1.0
ApplicationHashicorpConsul Docker Image0.6.4
ApplicationHashicorpGo-slug0.1.0
ApplicationHashicorpNomad0.0.0
ApplicationHashicorpPacker0.1.0
ApplicationHashicorpSentinel0.1.0
ApplicationHashicorpTerraform0.1.0
ApplicationHashicorpTerraform Enterprise202007-1
ApplicationHashicorpVagrant5.0.1
ApplicationHashicorpVagrant Vmware Fusion2.3.5
ApplicationHashicorpVault0.1.0
ApplicationHashicorpVault-ssh-helper-
ApplicationHashicorpWaypoint0.0.1