CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1296 – Nomad Exposes Sensitive Workload Identity and Client Secret Token in Audit Logs
https://notcve.org/view.php?id=CVE-2025-1296
10 Mar 2025 — Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19. • https://discuss.hashicorp.com/t/hcsec-2025-04-nomad-exposes-sensitive-workload-identity-and-client-secret-token-in-audit-logs/73737 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1293 – HashiCorp Hermes Improperly Validates AWS ALB JWTs, which May Lead to Authentication Bypass
https://notcve.org/view.php?id=CVE-2025-1293
20 Feb 2025 — Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. This vulnerability, CVE-2025-1293, was fixed in Hermes 0.5.0. • https://discuss.hashicorp.com/t/hcsec-2025-03-hashicorp-hermes-improperly-validates-aws-alb-jwts-which-may-lead-to-authentication-bypass/73371 • CWE-1390: Weak Authentication •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0937 – Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace
https://notcve.org/view.php?id=CVE-2025-0937
12 Feb 2025 — Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces. • https://discuss.hashicorp.com/t/hcsec-2025-02-nomad-vulnerable-to-event-stream-namespace-acl-policy-bypass-through-wildcard-namespace/73191 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0377 – HashiCorp go-slug Vulnerable to Zip Slip Attack
https://notcve.org/view.php?id=CVE-2025-0377
21 Jan 2025 — HashiCorp’s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry. • https://discuss.hashicorp.com/t/hcsec-2025-01-hashicorp-go-slug-vulnerable-to-zip-slip-attack • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-12678 – Nomad Allocations Vulnerable To Privilege Escalation Within A Namespace Using Unredacted Workload Identity Tokens
https://notcve.org/view.php?id=CVE-2024-12678
20 Dec 2024 — Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16. • https://discuss.hashicorp.com/t/hcsec-2024-29-nomad-allocations-vulnerable-to-privilege-escalation-within-a-namespace-using-unredacted-workload-identity-token/72119 • CWE-266: Incorrect Privilege Assignment •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-12289 – Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service
https://notcve.org/view.php?id=CVE-2024-12289
12 Dec 2024 — Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process. This vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2. • https://discuss.hashicorp.com/t/hcsec-2024-28-boundary-controller-incorrectly-handles-http-requests-on-initialization-which-may-lead-to-a-denial-of-service • CWE-460: Improper Cleanup on Thrown Exception •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-10975 – Nomad Vulnerable To Cross-Namespace Volume Creation Abusing CSI Write Permission
https://notcve.org/view.php?id=CVE-2024-10975
07 Nov 2024 — Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad Enterprise 1.9.2, 1.8.7, and 1.7.15. • https://discuss.hashicorp.com/t/hcsec-2024-27-nomad-vulnerable-to-cross-namespace-volume-creation-abusing-csi-write-permission • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8185 – Vault Vulnerable to Denial of Service When Processing Raft Join Requests
https://notcve.org/view.php?id=CVE-2024-8185
31 Oct 2024 — Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself. This vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vau... • https://discuss.hashicorp.com/t/hcsec-2024-26-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-processing-raft-cluster-join-requests/71047 • CWE-636: Not Failing Securely ('Failing Open') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-10086 – Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation
https://notcve.org/view.php?id=CVE-2024-10086
30 Oct 2024 — A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS. Se identificó una vulnerabilidad en Consul y Consul Enterprise tal que la respuesta del servidor no establecía explícitamente un encabezado HTTP Content-Type, lo que permitía que las entradas proporcionadas por el usuario se malinterpretaran y generaran un XSS reflejado. • https://discuss.hashicorp.com/t/hcsec-2024-24-consul-vulnerable-to-reflected-xss-on-content-type-error-manipulation • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-10006 – Consul L7 Intentions Vulnerable To Headers Bypass
https://notcve.org/view.php?id=CVE-2024-10006
30 Oct 2024 — A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules. Se identificó una vulnerabilidad en Consul y Consul Enterprise (“Consul”) tal que el uso de encabezados en intenciones de tráfico L7 podría eludir las reglas de acceso basadas en encabezados HTTP. • https://discuss.hashicorp.com/t/hcsec-2024-23-consul-l7-intentions-vulnerable-to-headers-bypass • CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax •