Lucene search
K
HashicorpRecent

189 matches found

HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/10/31 12:38 p.m.7 views

Vault Vulnerable to Denial of Service Through Memory Exhaustion When Processing Raft Cluster Join Requests

Summary Vault Community and Vault Enterprise “Vault” clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service DoS attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may...

7.5CVSS7AI score0.00479EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/10/30 9:18 p.m.7 views

Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation

Summary A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS. This vulnerability, identified as CVE-2024-10086, is fixed in Consu...

6.1CVSS6.7AI score0.00427EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/10/30 9:15 p.m.8 views

Consul L7 Intentions Vulnerable To Headers Bypass

Summary A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using Headers in L7 traffic intentions could bypass HTTP header based access rules. This vulnerability, identified as CVE-2024-10006, is fixed in Consul Community Edition 1.20.1 and Consul Enterprise 1.20.1,...

8.3CVSS6.7AI score0.00473EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/10/30 9:11 p.m.8 views

Consul L7 Intentions Vulnerable To URL Path Bypass

Summary A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules. This vulnerability, identified as CVE-2024-10005, is fixed in Consul Community Edition 1.20.1 and Consul Enterprise...

8.1CVSS7AI score0.00731EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/10/29 9:29 p.m.10 views

Vagrant VMware Utility installation files vulnerable to modification by unprivileged user

Summary The Vagrant VMware Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMware Utility 1.0.23...

3.8CVSS6.1AI score0.00141EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/10/10 8:37 p.m.8 views

Vault Operators in Root Namespace May Elevate Their Privileges

Summary A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. This vulnerability, identified as CVE-2024-9180, is fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18....

7.2CVSS7AI score0.00528EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/09/26 7:32 p.m.9 views

Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default

Summary Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be...

8.8CVSS6.9AI score0.00269EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/09/24 5:39 p.m.6 views

Terraform Enterprise’s Single Sign-On And Ruby SAML’s CVE-2024-45409

Summary Terraform Enterprise’s single sign-on functionality is implemented using the Ruby SAML library, which disclosed an authentication bypass vulnerability exploitable by an XML signature wrapping attack. This vulnerability, CVE-2024-45409, was addressed by an upgrade of the Ruby SAML version...

10CVSS6.8AI score0.10684EPSS
Exploits3
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/08/31 12:59 a.m.6 views

Vault Leaks Client Token and Token Accessor in Audit Devices

Summary Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors...

6.5CVSS6.6AI score0.00474EPSS
Exploits0Affected Software2
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/08/14 11:17 p.m.7 views

Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking

Summary In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability,...

5.8CVSS6.3AI score0.00333EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/07/25 6:33 p.m.15 views

Consul UI Development Workflows Vulnerable to Dependency Confusion

Summary HashiCorp Consul and Consul Enterprise development workflows for releases from 1.12.0 up to 1.17.6, 1.18.2, and 1.19.0 were vulnerable to frontend dependency confusion which exclusively impacted development environments. This vulnerability was fixed in Consul development workflows for...

6.2AI score
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/07/22 10:54 p.m.6 views

Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking

Summary HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2. Background Nomad creates a working directory fo...

8.6CVSS6.4AI score0.00388EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/07/11 7:29 p.m.7 views

Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior

Summary Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxyprotocolbehavior, was set to denyunauthorized. When receiving a request from a source IP address that was not listed in proxyprotocolauthorizedaddrs, t...

7.5CVSS6.9AI score0.00491EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/06/25 12:17 a.m.5 views

HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation

Summary HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. This vulnerability, CVE-2024-6257, was fixed in go-getter 1.7.5. Background HashiCorp’s go-getter is a library for...

8.8CVSS7.1AI score0.00973EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/06/21 9:51 p.m.4 views

go-retryablehttp can leak basic auth credentials to log files

Summary go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7. Background go-retryablehttp i...

6CVSS6.7AI score0.00358EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/06/12 6:47 p.m.10 views

Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims

Summary Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT with audience and role-bound claims that do not match, allowing an invalid login to succeed when it...

7.5CVSS6.3AI score0.00343EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/04/30 2:49 p.m.6 views

Vault Enterprise Leaks Sensitive HTTP Request Headers in Audit Log When Deployed With a Performance Standby Node

Summary Vault Enterprise, when configured with both performance standby nodes and an audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request header information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault...

5.5CVSS6.1AI score0.00169EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/04/17 7:34 p.m.6 views

HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches

Summary HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability, CVE-2024-3817, is fixed in go-getter 1.7.4. This vulnerability does not affect the go-getter/v2 branch and package. Background HashiCorp’s go-getter is a...

9.8CVSS7AI score0.01329EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/04/04 5:43 p.m.7 views

Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses

Summary Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1...

6.8CVSS6.6AI score0.00303EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/04/02 5:57 p.m.5 views

HashiCorp Response to XZ Utils Supply Chain Attack (CVE-2024-3094)

Summary HashiCorp products and services have no known exposure to the XZ Utils xz/liblzma supply chain attack and associated vulnerability, CVE-2024-3094, at this time. This bulletin will be updated if this situation changes. Background A supply chain attack that introduced malicious code into th...

10CVSS7.1AI score0.85974EPSS
Exploits40
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/03/04 7:10 p.m.7 views

Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates

Summary Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate . In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass...

9.8CVSS7AI score0.00447EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/02/08 10:31 p.m.6 views

Nomad Vulnerable to Arbitrary Write Through Symlink Attack

Summary HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14. Background Nomad provides...

7.7CVSS6.9AI score0.00617EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/02/05 6:49 p.m.5 views

Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering

Summary Boundary and Boundary Enterprise “Boundary” is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use TOFU token may craft a...

8CVSS6.8AI score0.00294EPSS
Exploits0Affected Software2
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/02/01 12:5 a.m.5 views

Vault May Expose Sensitive Information When Configuring An Audit Log Device

Summary Vault and Vault Enterprise “Vault” may expose sensitive information when enabling an audit device which specifies the lograw option, which may log sensitive information to other audit devices, regardless of whether they are configured to use lograw . This vulnerability, CVE-2024-0831, was...

6.5CVSS6.4AI score0.00764EPSS
Exploits1Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/12/08 8:45 p.m.6 views

Vault Vulnerable to Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests

Summary Vault and Vault Enterprise “Vault” is vulnerable to denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory o...

7.5CVSS6.8AI score0.00792EPSS
Exploits0Affected Software2
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/11/09 5:52 p.m.6 views

Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption

Summary Vault and Vault Enterprise “Vault” inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. This vulnerability, CVE-2023-5954, is fixed in Vault 1.15.2, 1.14.6, and 1.13.10. Background...

7.5CVSS6.7AI score0.00719EPSS
Exploits0Affected Software2
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/11/02 10:19 p.m.5 views

Vault, Consul, and Boundary Affected By HTTP/2 “Rapid Reset” Denial of Service Vulnerability (CVE-2023-44487)

Summary A denial of service vulnerability was identified in many implementations of the HTTP/2 protocol CVE-2023-44487, including Go’s implementation CVE-2023-39325. This was addressed by updating vulnerable components for the affected HashiCorp products listed above. Background In October 2023, ...

7.5CVSS6.8AI score0.99999EPSS
Exploits19
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/10/27 9:4 p.m.5 views

Vagrant’s Windows Installer Allowed Directory Junction Write

Summary The Vagrant Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. This vulnerability, CVE-2023-5834, was fixed in Vagrant 2.4.0. Background Vagrant is distributed in a range of...

7.8CVSS6.9AI score0.00223EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/09/28 11:12 p.m.7 views

Vault’s Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets

Summary The Vault and Vault Enterprise “Vault” Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. This vulnerability, CVE-2023-5077, was fixed in Vault 1.13.0. For this retroactive bulletin, the Vault 1.13 fix for this issue has...

7.6CVSS6.9AI score0.00436EPSS
Exploits0Affected Software2
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/09/28 11:8 p.m.5 views

Vault Enterprise’s Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service

Summary A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. This vulnerability, CVE-2023-3775, is fixed in Vaul...

4.9CVSS6.1AI score0.00451EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/09/14 10:49 p.m.6 views

Vault’s Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption

Summary The Vault and Vault Enterprise “Vault” transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive t...

6.8CVSS6.7AI score0.00368EPSS
Exploits0Affected Software2
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/09/08 4:33 p.m.7 views

Terraform Allows Arbitrary File Write During Init Operation

Summary Terraform 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability, CVE-2023-4782, was fixed in Terraform 1.5.7. Background The core Terraform workflow uses 3 main operations; init , plan , and appl...

7.8CVSS7AI score0.00255EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/08/08 9:2 p.m.6 views

Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers

Summary A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using JWT authentication for service mesh incorrectly allows/denies access regardless of service identities. This vulnerability, CVE-2023-3518, affects Consul 1.16.0 and was fixed in 1.16.1. Background Consu...

7.4CVSS6.9AI score0.0038EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/07/31 10:26 p.m.6 views

Vault's LDAP Auth Method Allows for User Enumeration

Summary The Vault and Vault Enterprise “Vault” LDAP auth method allows unauthenticated users to potentially enumerate valid accounts in the configured LDAP system by observing the response error when querying usernames. This vulnerability, CVE-2023-3462, is fixed in Vault 1.14.1 and 1.13.5...

5.3CVSS6.5AI score0.00613EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/07/28 12:42 a.m.8 views

Vault Enterprise Namespace Creation May Lead to Denial of Service

Summary An unhandled error in Vault Enterprise’s namespace creation may cause the Vault process to crash, potentially resulting in denial of service. This vulnerability, CVE-2023-3774, is fixed in Vault Enterprise 1.14.1, 1.13.5, and 1.12.9. Background Namespaces are a Vault Enterprise feature th...

4.9CVSS6.1AI score0.00575EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/07/19 11:19 p.m.8 views

Nomad Search API Leaks Information About CSI Plugins

Summary A vulnerability was identified in Nomad and Nomad Enterprise “Nomad” such that the search HTTP API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. This vulnerability, CVE-2023-3300, affects Nomad since 0.11 and was fixed in 1.6.0...

5.3CVSS6.2AI score0.0047EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/07/19 11:16 p.m.5 views

Nomad Caller ACL Token's Secret ID is Exposed to Sentinel

Summary A vulnerability was identified in Nomad Enterprise such that the API caller’s ACL token secret ID is exposed to Sentinel policies. This vulnerability, CVE-2023-3299, affects Nomad Enterprise from 1.2.11 up to 1.5.6, and 1.4.10 and was fixed in 1.6.0, 1.5.7, and 1.4.11. Background Nomad...

3.4CVSS6AI score0.00493EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/07/19 11:11 p.m.4 views

Nomad ACL Policies without Label are Applied to Unexpected Resources

Summary A vulnerability was identified in Nomad and Nomad Enterprise “Nomad” such an ACL policy using a block without label may be applied to unexpected resources. This vulnerability, CVE-2023-3072, affects Nomad from 0.7 up to 1.5.6 and 1.4.10 and was fixed in 1.6.0, 1.5.7, and 1.4.11. Backgroun...

4.1CVSS6AI score0.00364EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/06/28 11:1 p.m.5 views

Terraform Enterprise, Docker Engine, and Go’s CVE-2023-24540

Summary Up until June 2023, Docker Engine 20.10 was the highest release officially supported by Terraform Enterprise TFE. However, that version is no longer supported by Docker and was built using a version of Go that has since had a number of CVEs disclosed. While these CVEs are unlikely to be...

9.8CVSS6.6AI score0.01548EPSS
Exploits0
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/06/22 7:16 p.m.5 views

Terraform Enterprise Agent Pool Controls Allowed Unauthorized Workspaces to Target an Agent Pool

Summary Terraform Enterprise since version v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents within the organization. This authorization flaw could potentially allow a workspace to access resources from a separat...

7.7CVSS6.9AI score0.0042EPSS
Exploits0
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/06/09 4:52 p.m.7 views

Vault’s KV Diff Viewer Allowed HTML Injection

Summary Vault and Vault Enterprise’s Vault key-value v2 kv-v2 diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11. Background Vault 1.10.0 introduced the ability to easily review the...

5.4CVSS6.2AI score0.00417EPSS
Exploits0Affected Software2
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/06/02 9:38 p.m.6 views

Consul Envoy Extension Downstream Proxy Configuration By Upstream Service Owner

Summary A vulnerability was identified in Consul and Consul Enterprise “Consul” such that any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permissi...

8.7CVSS6.7AI score0.00585EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/06/02 5:35 p.m.7 views

Consul Cluster Peering can Result in Denial of Service

Summary A vulnerability was identified in Consul and Consul Enterprise “Consul” such that a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability, CVE-2023-1297, was resolved in Consul 1.14.7, and 1.15.3...

7.5CVSS7AI score0.00768EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/05/01 7:35 p.m.10 views

Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-Based Encryption Mechanism with a HSM

Summary A vulnerability was identified for specific Vault Enterprise “Vault” HSM integration configurations in which a padding oracle attack may be possible, due to Vault not properly applying an HMAC to messages sent from the HSM when using a CBC-based encryption mechanism. An attacker with...

2.5CVSS6AI score0.00086EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/04/05 6:30 p.m.7 views

Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation

Summary A vulnerability was identified in Nomad and Nomad Enterprise “Nomad” such that an unauthenticated request sent to a client agent’s HTTP endpoint bypasses intended ACL authorizations when processed on server through internal RPCs. In doing so, unauthenticated HTTP requests can be used to...

9.9CVSS6.9AI score0.00759EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/03/30 12:10 a.m.5 views

Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File

Summary When using Vault’s community-supported Microsoft SQL MSSQL database storage backend, a privileged attacker with the ability to write arbitrary data to Vault’s configuration may be able to perform arbitrary SQL commands on the underlying database server through Vault. This vulnerability,...

6.7CVSS6.8AI score0.00378EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/03/30 12:8 a.m.5 views

Vault’s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata

Summary Vault’s PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. This vulnerabilit...

6.5CVSS6.5AI score0.00332EPSS
Exploits0Affected Software2
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/03/30 12:2 a.m.5 views

Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations

Summary HashiCorp Vault’s implementation of Shamir’s secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space...

5CVSS6.3AI score0.0021EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/03/13 9:0 p.m.7 views

Nomad ACLs Can Not Deny Access to Workload's Own Variables

Summary A vulnerability was identified in Nomad and Nomad Enterprise “Nomad” such that a deny ACL capability could not be applied to a workload’s own variables. If included, the Nomad ACL system will silently fail to block access. This vulnerability, CVE-2023-1296, was fixed in Nomad 1.4.6 and...

5.3CVSS6.2AI score0.0054EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/03/13 8:56 p.m.6 views

Nomad Job Submitter Privilege Escalation Using Workload Identity

Summary A vulnerability was identified in Nomad and Nomad Enterprise “Nomad” such that a user with the submit-job ACL capability can submit a job that can escalate to management-level privileges. This vulnerability, CVE-2023-1299, was introduced in Nomad 1.5.0 and fixed in Nomad 1.5.1. Background...

8.8CVSS7.1AI score0.00532EPSS
Exploits0Affected Software1
Total number of security vulnerabilities189