Hashicorp Latest High & Critical Vulnerabilities
Latest High & Critical vulnerabilities published by hashicorp
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Zip-Slip Vulnerability in HashiCorp's go-slug Library
CVE-2025-0377HashicorpShared Library7.5HIGHArbitrary Cross-Namespace Volume Creation Vulnerability
CVE-2024-10975HashicorpNomad7.7HIGHRoot Privileges Escalation Vulnerability in Vault
CVE-2024-9180HashicorpVault7.2HIGHVault SSH secrets engine vulnerability: unauthorized access via SSH certificates
CVE-2024-7594HashicorpVault7.5HIGHNomad Platform Vulnerable to Path Escape During Migration
CVE-2024-6717HashicorpNomad7.7HIGHMalicious Git Configuration Execution via go-getter Library
CVE-2024-6257HashicorpShared Library8.4HIGHGit Injection Vulnerability Affects HashiCorp's go-getter Library
CVE-2024-3817HashicorpShared Library9.8CRITICALCertificate Validation Bypass Vulnerability
CVE-2024-2048HashicorpVaultππ°8.1HIGHNomad Client User Arbitrary File Write Vulnerability
CVE-2024-1329HashicorpNomad7.5HIGHTLS Certificate Tampering Vulnerability in Boundary Enterprise
CVE-2024-1052HashicorpBoundary8HIGHVault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
CVE-2023-6337HashiCorpVault7.5HIGHVault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption
CVE-2023-5954HashiCorpVault7.5HIGHVault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets
CVE-2023-5077HashicorpVault7.5HIGHJWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for Access
CVE-2023-3518HashicorpConsul7.4HIGHConsul Envoy Extension Downsteam Proxy Configuration By Upstream Service Owner
CVE-2023-2816HashicorpConsul8.7HIGHNomad Unauthenticated Client Agent HTTP Request Privilege Escalation
CVE-2023-1782HashicorpNomad10CRITICALNomad Job Submitter Privilege Escalation Using Workload Identity
CVE-2023-1299HashiCorpNomad8.8HIGHVault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation
CVE-2023-24999HashiCorpVault8.1HIGHBoundary Workers Store Rotated Credentials in Plaintext Even When a Key Management Service Configured
CVE-2023-0690HashiCorpBoundary7.1HIGHLocal Privilege Escalation Vulnerability in Hashicorp Packer on Linux
CVE-2022-42717HashicorpVagrant7.8HIGHInput Validation Flaw in HasciCorp Consul Leading to JWT Claim Vulnerabilities
CVE-2021-41803HashicorpConsul7.1HIGHIdentity Engine Vulnerability in HashiCorp Vault Affects Multiple Mount Accessors
CVE-2022-40186HashicorpVault9.1CRITICALPrivilege Escalation Vulnerability in HashiCorp Boundary
CVE-2022-36130HashicorpBoundary9.9CRITICALData Exposure Vulnerability in HashiCorp Consul Template
CVE-2022-38149HashicorpConsul Template7.5HIGHUnauthenticated API Vulnerability in HashiCorp Vault Enterprise
CVE-2022-36129HashicorpVault9.1CRITICAL