Browse all 89 CVE security advisories affecting HashiCorp. AI-powered Chinese analysis, POCs, and references for each vulnerability.
HashiCorp develops infrastructure automation software, primarily known for Terraform, Vault, and Consul, which enable organizations to provision and secure cloud infrastructure. The company’s products have historically been associated with various vulnerability classes, including remote code execution, cross-site scripting, and privilege escalation, often stemming from complex integration points or misconfigurations in how these tools interact with underlying systems. With 89 CVEs currently on record, the security landscape for HashiCorp tools reflects the inherent risks of widely adopted, high-privilege infrastructure management software. While no single catastrophic incident has defined the brand’s history, the volume of disclosed flaws highlights the challenges of maintaining security across a diverse ecosystem of plugins and integrations. Users must rigorously patch these tools to mitigate risks associated with unauthorized access or data exfiltration, ensuring that the powerful automation capabilities do not become vectors for systemic compromise.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-2877 | Vault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node — Vault Enterprise (CWE-532) | 5.5 | Medium | 2024-04-30 |
| CVE-2023-3775 | Vault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service — Vault Enterprise (CWE-266) | 4.2 | Medium | 2023-09-28 |
| CVE-2023-3774 | Vault Enterprise Namespace Creation May Lead to Denial of Service — Vault Enterprise (CWE-248) | 4.9 | Medium | 2023-07-28 |
| CVE-2023-2197 | Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM — Vault Enterprise (CWE-326) | 2.5 | Low | 2023-05-01 |
This page lists every published CVE security advisory associated with HashiCorp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.