CVE-2023-5954: HashiCorp Vault and Vault Enterprise Memory Consumption Vulnerability Fixed in Versions 1.15.2, 1.14.6, and 1.13.10
HashiCorp Vault is a popular open-source tool that allows users to store and manage sensitive data such as passwords, API keys, and tokens securely. Vault
CVE-2023-3775: Vault Enterprise Sentinel Role Governing Policy Flaw Allows Cross-Namespace DoS Attack
The Common Vulnerabilities and Exposures (CVE) project has recently added a new entry identified as CVE-2023-3775, which affects the Vault Enterprise's Sentinel Role
CVE-2023-4680: Critical Vulnerability in HashiCorp Vault and Vault Enterprise Transit Secrets Engine - Decrypt Arbitrary Ciphertext and Potentially Derive the Authentication Subkey
A critical security vulnerability, tracked under CVE-2023-4680, has been identified in HashiCorp Vault and Vault Enterprise transit secrets engine. This vulnerability affects the encrypt endpoint,
CVE-2023-3518: HashiCorp Consul and Consul Enterprise Vulnerability with JWT Authentication Allows Unauthorized Access in Service Mesh
HashiCorp recently disclosed a critical security vulnerability (CVE-2023-3518) affecting their Consul and Consul Enterprise products, specifically when using JWT (JSON Web Tokens) authentication for service
CVE-2023-3300: HashiCorp Nomad and Nomad Enterprise Security Vulnerability that Reveals Names of Available CSI Plugins
HashiCorp Nomad and Nomad Enterprise versions .11. up to 1.5.6 and 1.4.1 contain a security vulnerability (CVE-2023-3300) in their HTTP search
Episode
00:00:00
00:00:00