CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-10005 – Consul L7 Intentions Vulnerable To URL Path Bypass
https://notcve.org/view.php?id=CVE-2024-10005
30 Oct 2024 — A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules. Se identificó una vulnerabilidad en Consul y Consul Enterprise (“Consul”) tal que el uso de rutas URL en intenciones de tráfico L7 podría eludir las reglas de acceso basadas en rutas de solicitud HTTP. • https://discuss.hashicorp.com/t/hcsec-2024-22-consul-l7-intentions-vulnerable-to-url-path-bypass • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10228 – Vagrant VMWare Utility installation files vulnerable to modification by unprivileged user
https://notcve.org/view.php?id=CVE-2024-10228
29 Oct 2024 — The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23 El instalador de Windows de Vagrant VMWare Utility apuntaba a una ubicación personalizada con una ruta no protegida que podía ser modificada por un usuario sin privilegios, lo que generaba la posibilidad de escrituras no autoriz... • https://discuss.hashicorp.com/t/hcsec-2024-25-vagrant-vmware-utility-installation-files-vulnerable-to-modification-by-unprivileged-user • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-9180 – Vault Operators in Root Namespace May Elevate Their Privileges
https://notcve.org/view.php?id=CVE-2024-9180
10 Oct 2024 — A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16. • https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-7594 – Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
https://notcve.org/view.php?id=CVE-2024-7594
26 Sep 2024 — Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15. • https://discuss.hashicorp.com/t/hcsec-2024-20-vault-ssh-secrets-engine-configuration-did-not-restrict-valid-principals-by-default/70251 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8365 – Vault Leaks AppRole Client Tokens And Accessor in Audit Log
https://notcve.org/view.php?id=CVE-2024-8365
02 Sep 2024 — Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9. Vault Community Edition y Vault Enterprise experimentaron una re... • https://discuss.hashicorp.com/t/hcsec-2024-18-vault-leaks-client-token-and-token-accessor-in-audit-devices • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-7625 – Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking
https://notcve.org/view.php?id=CVE-2024-7625
14 Aug 2024 — In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.16.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability, CVE-2024-7625, is fixed in Nomad 1.6.14, 1.7.11, and 1.8.3. Access or compromise of the Nomad client agent at the source allocation first is a prerequisite for leveraging this vulnerability. In HashiCorp Nomad and Nomad Enter... • https://discuss.hashicorp.com/t/hcsec-2024-17-nomad-vulnerable-to-allocation-directory-escape-on-non-existing-file-paths-through-archive-unpacking/69293 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6717 – Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking
https://notcve.org/view.php?id=CVE-2024-6717
23 Jul 2024 — HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2. HashiCorp Nomad y Nomad Enterprise 1.6.12 hasta 1.7.9 y 1.8.1 al desempaquetar archivos durante la migración es vulnerable a que la ruta se escape del directorio de asignación. Esta vulnerabilidad, CVE-2024-6717, se solucionó en Nomad 1.6.13, 1.7.10 y 1.8.2. • https://discuss.hashicorp.com/t/hcsec-2024-15-nomad-vulnerable-to-allocation-directory-path-escape-through-archive-unpacking/68781 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6468 – Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior
https://notcve.org/view.php?id=CVE-2024-6468
11 Jul 2024 — Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service. While this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression... • https://discuss.hashicorp.com/t/hcsec-2024-14-vault-vulnerable-to-denial-of-service-when-setting-a-proxy-protocol-behavior/68518 • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6257 – HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
https://notcve.org/view.php?id=CVE-2024-6257
25 Jun 2024 — HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. • https://discuss.hashicorp.com/t/hcsec-2024-13-hashicorp-go-getter-vulnerable-to-code-execution-on-git-update-via-git-config-manipulation/68081 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6104 – go-retryablehttp can leak basic auth credentials to log files
https://notcve.org/view.php?id=CVE-2024-6104
24 Jun 2024 — go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7. A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. • https://discuss.hashicorp.com/c/security • CWE-532: Insertion of Sensitive Information into Log File •