CVSS: 2.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5798 – Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
https://notcve.org/view.php?id=CVE-2024-5798
12 Jun 2024 — Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected. This vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9 Vault y Vault Enterprise no validaron correctamente la reclamación de audiencia vinculada a roles ... • https://discuss.hashicorp.com/t/hcsec-2024-11-vault-incorrectly-validated-json-web-tokens-jwt-audience-claims/67770 • CWE-285: Improper Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2877 – Vault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node
https://notcve.org/view.php?id=CVE-2024-2877
30 Apr 2024 — Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8. Vault Enterprise, cuando se configura con nodos en espera de rendimiento y un dispositivo de auditoría configurado, registrará inadvertidamente encabezados de solicitud en el nodo en espera. Es posible que... • https://discuss.hashicorp.com/t/hsec-2024-10-vault-enterprise-leaks-sensitive-http-request-headers-in-audit-log-when-deployed-with-a-performance-standby-node • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3817 – HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches
https://notcve.org/view.php?id=CVE-2024-3817
17 Apr 2024 — HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect the go-getter/v2 branch and package. La librería de HashiCorp es vulnerable a la inyección de argumentos al ejecutar Git para descubrir ramas remotas. Esta vulnerabilidad no afecta a la rama ni al paquete go-getter/v2. • https://discuss.hashicorp.com/t/hcsec-2024-09-hashicorp-go-getter-vulnerable-to-argument-injection-when-fetching-remote-default-git-branches/66040 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2660 – Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses
https://notcve.org/view.php?id=CVE-2024-2660
04 Apr 2024 — Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. Fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11. El método de autenticación de los certificados TLS de Vault y Vault Enterprise no validaba correctamente las respuestas de OCSP cuando se configuraban uno o más orígenes de OCSP. Se corrigió en Vault 1.16.0 y Vault Enterprise 1.16.1, 1.15.7 y 1.14.11. Vault and Vault Enterprise TLS certificates... • https://discuss.hashicorp.com/t/hcsec-2024-07-vault-tls-cert-auth-method-did-not-correctly-validate-ocsp-responses/64573 • CWE-636: Not Failing Securely ('Failing Open') CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2048 – Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates
https://notcve.org/view.php?id=CVE-2024-2048
04 Mar 2024 — Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10. El método de autenticación de certificados TLS de Vault y Vault Enterprise (“Vault”) no validaba correctamente los certificados de cliente cuando se configuraba con un certif... • https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-1329 – Nomad Vulnerable to Arbitrary Write Through Symlink Attack
https://notcve.org/view.php?id=CVE-2024-1329
08 Feb 2024 — HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14. HashiCorp Nomad y Nomad Enterprise 1.5.13 hasta 1.6.6 y 1.7.3 el renderizador de plantillas es vulnerable a la escritura de archivos arbitrarios en el host como usuario del cliente Nomad a través de ataques de enlaces simbólicos. Corregido en Nomad 1.7.4, 1.6.7, 1.5.14. HashiCorp Nomad and... • https://discuss.hashicorp.com/t/hcsec-2024-03-nomad-vulnerable-to-arbitrary-write-through-symlink-attack • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1052 – Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering
https://notcve.org/view.php?id=CVE-2024-1052
05 Feb 2024 — Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application. Boundary and Boundary Enterprise (“Boundary”) es vulnerable al secuestro de sesión mediante la manipulación del cert... • https://discuss.hashicorp.com/t/hcsec-2024-02-boundary-vulnerable-to-session-hijacking-through-tls-certificate-tampering/62458 • CWE-295: Improper Certificate Validation •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0831 – Vault May Expose Sensitive Information When Configuring An Audit Log Device
https://notcve.org/view.php?id=CVE-2024-0831
01 Feb 2024 — Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`. Vault y Vault Enterprise (“Vault”) pueden exponer información confidencial al habilitar un dispositivo de auditoría que especifica la opción `log_raw`, que puede registrar información confidencial en otros dispositivos de auditoría, independientemente de... • https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-6337 – Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
https://notcve.org/view.php?id=CVE-2023-6337
08 Dec 2023 — HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12. HashiCorp Vault y Vault Enterprise 1.12.0 y versiones posteriores son vulnerables a una denegación de servicio debido... • https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 1CVE-2023-5332 – Dependency on Vulnerable Third-Party Component in GitLab
https://notcve.org/view.php?id=CVE-2023-5332
04 Dec 2023 — Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE. El parche en la librería de terceros Consul requiere que 'enable-script-checks' esté configurado en False. • https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8171 • CWE-16: Configuration CWE-1395: Dependency on Vulnerable Third-Party Component •