HashiCorp — Vulnerabilities & Security Advisories 89

Browse all 89 CVE security advisories affecting HashiCorp. AI-powered Chinese analysis, POCs, and references for each vulnerability.

HashiCorp develops infrastructure automation software, primarily known for Terraform, Vault, and Consul, which enable organizations to provision and secure cloud infrastructure. The company’s products have historically been associated with various vulnerability classes, including remote code execution, cross-site scripting, and privilege escalation, often stemming from complex integration points or misconfigurations in how these tools interact with underlying systems. With 89 CVEs currently on record, the security landscape for HashiCorp tools reflects the inherent risks of widely adopted, high-privilege infrastructure management software. While no single catastrophic incident has defined the brand’s history, the volume of disclosed flaws highlights the challenges of maintaining security across a diverse ecosystem of plugins and integrations. Users must rigorously patch these tools to mitigate risks associated with unauthorized access or data exfiltration, ensuring that the powerful automation capabilities do not become vectors for systemic compromise.

Found 16 results / 89

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-4922 | Nomad Vulnerable To Incorrect ACL Policy Lookup Attached To A Job | Nomad | CWE-266 | 8.1 | High | 2025-06-11 |
| CVE-2025-1296 | Nomad Exposes Sensitive Workload Identity and Client Secret Token in Audit Logs | Nomad | CWE-532 | 6.5 | Medium | 2025-03-10 |
| CVE-2025-0937 | Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace | Nomad | CWE-863 | 7.1 | High | 2025-02-12 |
| CVE-2024-12678 | Nomad Allocations Vulnerable To Privilege Escalation Within A Namespace Using Unredacted Workload Identity Tokens | Nomad | CWE-266 | 6.5 | Medium | 2024-12-20 |
| CVE-2024-10975 | Nomad Vulnerable To Cross-Namespace Volume Creation Abusing CSI Write Permission | Nomad | CWE-863 | 7.7 | High | 2024-11-07 |
| CVE-2024-7625 | Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking | Nomad | CWE-610 | 5.8 | Medium | 2024-08-14 |
| CVE-2024-6717 | Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking | Nomad | CWE-610 | 7.7 | High | 2024-07-23 |
| CVE-2024-1329 | Nomad Vulnerable to Arbitrary Write Through Symlink Attack | Nomad | CWE-59 | 7.7 | High | 2024-02-08 |
| CVE-2023-3300 | Nomad Search API Leaks Information About CSI Plugins | Nomad | CWE-266 | 5.3 | Medium | 2023-07-19 |
| CVE-2023-3072 | Nomad ACL Policies without Label are Applied to Unexpected Resources | Nomad | CWE-266 | 4.1 | Medium | 2023-07-19 |
| CVE-2023-1782 | Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation | Nomad | CWE-862 | 10.0 | Critical | 2023-04-05 |
| CVE-2023-1299 | Nomad Job Submitter Privilege Escalation Using Workload Identity | Nomad | CWE-862 | 7.4 | High | 2023-03-14 |
| CVE-2023-1296 | Nomad ACLs Can Not Deny Access to Workload's Own Variables | Nomad | CWE-682 | 2.7 | Low | 2023-03-14 |
| CVE-2023-0821 | Nomad Client Vulnerable to Decompression Bombs in Artifact Block | Nomad | CWE-409 | 6.5 | Medium | 2023-02-16 |
| CVE-2022-3867 | Nomad Event Stream Subscriber Using a Token with TTL Receives Updates Until Garbage Collected | Nomad | CWE-613 | 2.7 | Low | 2022-11-10 |
| CVE-2022-3866 | Nomad Workload Identity Token Can List Non-sensitive Metadata for Paths Under nomad/ | Nomad | CWE-668 | 5.0 | Medium | 2022-11-10 |

This page lists every published CVE security advisory associated with HashiCorp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.