CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-7625 – Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking
https://notcve.org/view.php?id=CVE-2024-7625
14 Aug 2024 — In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.16.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability, CVE-2024-7625, is fixed in Nomad 1.6.14, 1.7.11, and 1.8.3. Access or compromise of the Nomad client agent at the source allocation first is a prerequisite for leveraging this vulnerability. In HashiCorp Nomad and Nomad Enter... • https://discuss.hashicorp.com/t/hcsec-2024-17-nomad-vulnerable-to-allocation-directory-escape-on-non-existing-file-paths-through-archive-unpacking/69293 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6717 – Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking
https://notcve.org/view.php?id=CVE-2024-6717
23 Jul 2024 — HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2. HashiCorp Nomad y Nomad Enterprise 1.6.12 hasta 1.7.9 y 1.8.1 al desempaquetar archivos durante la migración es vulnerable a que la ruta se escape del directorio de asignación. Esta vulnerabilidad, CVE-2024-6717, se solucionó en Nomad 1.6.13, 1.7.10 y 1.8.2. • https://discuss.hashicorp.com/t/hcsec-2024-15-nomad-vulnerable-to-allocation-directory-path-escape-through-archive-unpacking/68781 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6468 – Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior
https://notcve.org/view.php?id=CVE-2024-6468
11 Jul 2024 — Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service. While this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression... • https://discuss.hashicorp.com/t/hcsec-2024-14-vault-vulnerable-to-denial-of-service-when-setting-a-proxy-protocol-behavior/68518 • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6257 – HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
https://notcve.org/view.php?id=CVE-2024-6257
25 Jun 2024 — HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. An update that fixes three vulnerabilities is now available. Trivy was updated to fix the following issues. • https://discuss.hashicorp.com/t/hcsec-2024-13-hashicorp-go-getter-vulnerable-to-code-execution-on-git-update-via-git-config-manipulation/68081 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6104 – go-retryablehttp can leak basic auth credentials to log files
https://notcve.org/view.php?id=CVE-2024-6104
24 Jun 2024 — go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7. A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. • https://discuss.hashicorp.com/c/security • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 2.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5798 – Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
https://notcve.org/view.php?id=CVE-2024-5798
12 Jun 2024 — Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected. This vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9 Vault y Vault Enterprise no validaron correctamente la reclamación de audiencia vinculada a roles ... • https://discuss.hashicorp.com/t/hcsec-2024-11-vault-incorrectly-validated-json-web-tokens-jwt-audience-claims/67770 • CWE-285: Improper Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2877 – Vault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node
https://notcve.org/view.php?id=CVE-2024-2877
30 Apr 2024 — Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8. Vault Enterprise, cuando se configura con nodos en espera de rendimiento y un dispositivo de auditoría configurado, registrará inadvertidamente encabezados de solicitud en el nodo en espera. Es posible que... • https://discuss.hashicorp.com/t/hsec-2024-10-vault-enterprise-leaks-sensitive-http-request-headers-in-audit-log-when-deployed-with-a-performance-standby-node • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3817 – HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches
https://notcve.org/view.php?id=CVE-2024-3817
17 Apr 2024 — HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect the go-getter/v2 branch and package. La librería de HashiCorp es vulnerable a la inyección de argumentos al ejecutar Git para descubrir ramas remotas. Esta vulnerabilidad no afecta a la rama ni al paquete go-getter/v2. These are all security issues fixed in the trivy-0.58.2-1.1 package on the GA media of openSUSE Tumbleweed. • https://discuss.hashicorp.com/t/hcsec-2024-09-hashicorp-go-getter-vulnerable-to-argument-injection-when-fetching-remote-default-git-branches/66040 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2660 – Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses
https://notcve.org/view.php?id=CVE-2024-2660
04 Apr 2024 — Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. Fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11. El método de autenticación de los certificados TLS de Vault y Vault Enterprise no validaba correctamente las respuestas de OCSP cuando se configuraban uno o más orígenes de OCSP. Se corrigió en Vault 1.16.0 y Vault Enterprise 1.16.1, 1.15.7 y 1.14.11. Vault and Vault Enterprise TLS certificates... • https://discuss.hashicorp.com/t/hcsec-2024-07-vault-tls-cert-auth-method-did-not-correctly-validate-ocsp-responses/64573 • CWE-636: Not Failing Securely ('Failing Open') CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2048 – Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates
https://notcve.org/view.php?id=CVE-2024-2048
04 Mar 2024 — Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10. El método de autenticación de certificados TLS de Vault y Vault Enterprise (“Vault”) no validaba correctamente los certificados de cliente cuando se configuraba con un certif... • https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382 • CWE-295: Improper Certificate Validation •