Known Vulnerabilities for products from Hashicorp
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Hashicorp".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-24687 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2022-02-24 | 2023-08-08 |
| CVE-2022-24686 | HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condi... | 5.9 - MEDIUM | 2022-02-14 | 2022-05-11 |
| CVE-2022-24685 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-02-28 | 2022-08-11 |
| CVE-2022-24684 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2022-02-15 | 2023-08-08 |
| CVE-2022-24683 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-02-17 | 2022-05-11 |
| CVE-2021-43415 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2021-12-03 | 2023-08-08 |
| CVE-2021-42135 | HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and... | 8.1 - HIGH | 2021-10-11 | 2022-07-12 |
| CVE-2021-41865 | HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to caus... | 6.5 - MEDIUM | 2021-10-07 | 2021-10-15 |
| CVE-2021-41805 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2021-12-12 | 2022-03-31 |
| CVE-2021-41803 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.1 - HIGH | 2022-09-23 | 2023-11-07 |
| CVE-2021-41802 | HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID shari... | 5.4 - MEDIUM | 2021-10-08 | 2022-09-08 |
| CVE-2021-40862 | HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authen... | 8.8 - HIGH | 2021-09-15 | 2022-07-12 |
| CVE-2021-38698 | HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, ena... | 6.5 - MEDIUM | 2021-09-07 | 2022-09-14 |
| CVE-2021-38554 | HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single s... | 5.3 - MEDIUM | 2021-08-13 | 2022-09-08 |
| CVE-2021-38553 | HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrat... | 4.4 - MEDIUM | 2021-08-13 | 2022-10-25 |
| CVE-2021-37219 | HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the ... | 8.8 - HIGH | 2021-09-07 | 2022-09-08 |
| CVE-2021-37218 | HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA t... | 8.8 - HIGH | 2021-09-07 | 2021-09-13 |
| CVE-2021-36230 | HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requ... | 8.8 - HIGH | 2021-07-20 | 2021-07-29 |
| CVE-2021-36213 | HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention ... | 7.5 - HIGH | 2021-07-17 | 2022-09-14 |
| CVE-2021-32923 | HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifical... | 7.4 - HIGH | 2021-06-03 | 2022-10-25 |
Known software with vulnerabilities from Hashicorp
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Hashicorp | Boundary | 0.1.0 |
| Application | Hashicorp | Consul | 0.1.0 |
| Application | Hashicorp | Consul Docker Image | 0.6.4 |
| Application | Hashicorp | Go-slug | 0.1.0 |
| Application | Hashicorp | Nomad | 0.0.0 |
| Application | Hashicorp | Packer | 0.1.0 |
| Application | Hashicorp | Sentinel | 0.1.0 |
| Application | Hashicorp | Terraform | 0.1.0 |
| Application | Hashicorp | Terraform Enterprise | 202007-1 |
| Application | Hashicorp | Vagrant | 5.0.1 |
| Application | Hashicorp | Vagrant Vmware Fusion | 2.3.5 |
| Application | Hashicorp | Vault | 0.1.0 |
| Application | Hashicorp | Vault-ssh-helper | - |
| Application | Hashicorp | Waypoint | 0.0.1 |