CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8365 – Vault Leaks AppRole Client Tokens And Accessor in Audit Log
https://notcve.org/view.php?id=CVE-2024-8365
Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9. Vault Community Edition y Vault Enterprise experimentaron una regresión en la que se eliminó la funcionalidad que codificaba mediante HMAC los encabezados confidenciales en el dispositivo de auditoría configurado, específicamente los tokens de cliente y los descriptores de acceso de token. Esto provocó que los valores de texto sin formato de los tokens de cliente y los descriptores de acceso de token se almacenaran en el registro de auditoría. • https://discuss.hashicorp.com/t/hcsec-2024-18-vault-leaks-client-token-and-token-accessor-in-audit-devices • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-7625 – Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking
https://notcve.org/view.php?id=CVE-2024-7625
In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.16.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability, CVE-2024-7625, is fixed in Nomad 1.6.14, 1.7.11, and 1.8.3. Access or compromise of the Nomad client agent at the source allocation first is a prerequisite for leveraging this vulnerability. • https://discuss.hashicorp.com/t/hcsec-2024-17-nomad-vulnerable-to-allocation-directory-escape-on-non-existing-file-paths-through-archive-unpacking/69293 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6717 – Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking
https://notcve.org/view.php?id=CVE-2024-6717
HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2. HashiCorp Nomad y Nomad Enterprise 1.6.12 hasta 1.7.9 y 1.8.1 al desempaquetar archivos durante la migración es vulnerable a que la ruta se escape del directorio de asignación. Esta vulnerabilidad, CVE-2024-6717, se solucionó en Nomad 1.6.13, 1.7.10 y 1.8.2. • https://discuss.hashicorp.com/t/hcsec-2024-15-nomad-vulnerable-to-allocation-directory-path-escape-through-archive-unpacking/68781 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6468 – Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior
https://notcve.org/view.php?id=CVE-2024-6468
Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service. While this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression in those release series did not allow Vault operators to configure the deny_unauthorized option, thus not allowing the conditions for the denial of service to occur. Fixed in Vault and Vault Enterprise 1.17.2, 1.16.6, and 1.15.12. Vault y Vault Enterprise no manejaron adecuadamente las solicitudes originadas en direcciones IP no autorizadas cuando la opción de escucha TCP, proxy_protocol_behavior, estaba configurada en deny_unauthorized. Al recibir una solicitud de una dirección IP de origen que no figuraba en proxy_protocol_authorized_addrs, el servidor API de Vault se cerraba y ya no respondía a ninguna solicitud HTTP, lo que podría provocar una denegación de servicio. Si bien este error también afectó a las versiones de Vault hasta 1.17.1 y 1.16.5, una regresión separada en esas series de versiones no permitió a los operadores de Vault configurar la opción deny_unauthorized, por lo que no permitió que se cumplieran las condiciones para la denegación de servicio. • https://discuss.hashicorp.com/t/hcsec-2024-14-vault-vulnerable-to-denial-of-service-when-setting-a-proxy-protocol-behavior/68518 • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6257 – HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
https://notcve.org/view.php?id=CVE-2024-6257
HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code execution. • https://discuss.hashicorp.com/t/hcsec-2024-13-hashicorp-go-getter-vulnerable-to-code-execution-on-git-update-via-git-config-manipulation/68081 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •