CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-1329 – Nomad Vulnerable to Arbitrary Write Through Symlink Attack
https://notcve.org/view.php?id=CVE-2024-1329
08 Feb 2024 — HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14. HashiCorp Nomad y Nomad Enterprise 1.5.13 hasta 1.6.6 y 1.7.3 el renderizador de plantillas es vulnerable a la escritura de archivos arbitrarios en el host como usuario del cliente Nomad a través de ataques de enlaces simbólicos. Corregido en Nomad 1.7.4, 1.6.7, 1.5.14. HashiCorp Nomad and... • https://discuss.hashicorp.com/t/hcsec-2024-03-nomad-vulnerable-to-arbitrary-write-through-symlink-attack • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1052 – Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering
https://notcve.org/view.php?id=CVE-2024-1052
05 Feb 2024 — Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application. Boundary and Boundary Enterprise (“Boundary”) es vulnerable al secuestro de sesión mediante la manipulación del cert... • https://discuss.hashicorp.com/t/hcsec-2024-02-boundary-vulnerable-to-session-hijacking-through-tls-certificate-tampering/62458 • CWE-295: Improper Certificate Validation •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0831 – Vault May Expose Sensitive Information When Configuring An Audit Log Device
https://notcve.org/view.php?id=CVE-2024-0831
01 Feb 2024 — Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`. Vault y Vault Enterprise (“Vault”) pueden exponer información confidencial al habilitar un dispositivo de auditoría que especifica la opción `log_raw`, que puede registrar información confidencial en otros dispositivos de auditoría, independientemente de... • https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-6337 – Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
https://notcve.org/view.php?id=CVE-2023-6337
08 Dec 2023 — HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12. HashiCorp Vault y Vault Enterprise 1.12.0 y versiones posteriores son vulnerables a una denegación de servicio debido... • https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 1CVE-2023-5332 – Dependency on Vulnerable Third-Party Component in GitLab
https://notcve.org/view.php?id=CVE-2023-5332
04 Dec 2023 — Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE. El parche en la librería de terceros Consul requiere que 'enable-script-checks' esté configurado en False. • https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8171 • CWE-16: Configuration CWE-1395: Dependency on Vulnerable Third-Party Component •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-5954 – Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption
https://notcve.org/view.php?id=CVE-2023-5954
09 Nov 2023 — HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10. Las solicitudes de clientes entrantes de HashiCorp Vault y Vault Enterprise que activan una verificación de políticas pueden provocar un consumo ilimitado de memoria. Un gran número de estas solicitudes pueden dar lugar a una denegación de servicio. • https://discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/59926 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5834 – Vagrant’s Windows Installer Allowed Directory Junction Write
https://notcve.org/view.php?id=CVE-2023-5834
27 Oct 2023 — HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0. El instalador HashiCorp Vagrant de Windows apuntó a una ubicación personalizada con una ruta no protegida que podía unirse, lo que introdujo la posibilidad de escrituras no autorizadas en el sistema de archivos. Corregido en Vagrant 2.4.0. • https://discuss.hashicorp.com/t/hcsec-2023-31-vagrant-s-windows-installer-allowed-directory-junction-write/59568 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-1386: Insecure Operation on Windows Junction / Mount Point •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-5077 – Vault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets
https://notcve.org/view.php?id=CVE-2023-5077
28 Sep 2023 — The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0. El engine de los secretos en Vault and Vault Enterprise ("Vault") Google Cloud no conservó la existencia de Google Cloud IAM Conditions al crear o actualizar conjuntos de roles. Corregido en Vault 1.13.0. A flaw was found in HashiCorp Vault and Vault Enterprise. • https://discuss.hashicorp.com/t/hcsec-2023-30-vault-s-google-cloud-secrets-engine-removed-existing-iam-conditions-when-creating-updating-rolesets/58654 • CWE-266: Incorrect Privilege Assignment CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-3775 – Vault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service
https://notcve.org/view.php?id=CVE-2023-3775
28 Sep 2023 — A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8. Vault Enterprise Sentinel Role Governing Policy creada por un operador para restringir el acceso a los recursos en un espacio de nombres se puede aplicar a solicitudes externas en otro espacio de nombres no descendiente, lo ... • https://discuss.hashicorp.com/t/hcsec-2023-29-vault-enterprise-s-sentinel-rgp-policies-allowed-for-cross-namespace-denial-of-service/58653 • CWE-20: Improper Input Validation CWE-266: Incorrect Privilege Assignment CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 1%CPEs: 6EXPL: 0CVE-2023-4680 – Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption
https://notcve.org/view.php?id=CVE-2023-4680
14 Sep 2023 — HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11. El motor de secretos de tránsito de HashiCorp Vault y Vault Enterprise pe... • https://discuss.hashicorp.com/t/hcsec-2023-28-vault-s-transit-secrets-engine-allowed-nonce-specified-without-convergent-encryption/58249 • CWE-20: Improper Input Validation CWE-323: Reusing a Nonce, Key Pair in Encryption •