Hashicorp Luki w zabezpieczeniach

Oś czasu

Rodzaj

Not Defined135
Software Library1
SSH Server Software1

Produkt

Hashicorp Vault Enterprise30
Hashicorp Vault23
Hashicorp Consul20
Hashicorp Consul Enterprise19
HashiCorp Nomad17

Przeciwdziałanie

Official Fix116
Temporary Fix0
Workaround1
Unavailable0
Not Defined20

Wykorzystywanie

High0
Functional0
Proof-of-Concept6
Unproven0
Not Defined131

Wektor dostępu

Not Defined0
Physical0
Local16
Adjacent52
Network69

Uwierzytelnianie

Not Defined0
High20
Low68
None49

Interakcja z użytkownikiem

Not Defined0
Required10
None127

C3BM Index

CVSSv3 Base

≤10
≤20
≤35
≤417
≤521
≤638
≤723
≤820
≤912
≤101

CVSSv3 Temp

≤10
≤20
≤35
≤418
≤522
≤641
≤725
≤816
≤99
≤101

VulDB

≤10
≤23
≤312
≤427
≤514
≤646
≤76
≤827
≤91
≤101

NVD

≤10
≤20
≤32
≤41
≤50
≤611
≤712
≤832
≤96
≤1015

CNA

≤10
≤20
≤34
≤42
≤511
≤64
≤76
≤86
≤92
≤102

Sprzedawca

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Exploit 0-day

<1k33
<2k72
<5k32
<10k0
<25k0
<50k0
<100k0
≥100k0

Wykorzystaj dzisiaj

<1k136
<2k1
<5k0
<10k0
<25k0
<50k0
<100k0
≥100k0

Wykorzystaj wielkość rynku

🔴 CTI Zajęcia

Affected Products (22): Boundary (4), Boundary Enterprise (1), Consul (25), Consul Enterprise (23), Consul Template (1), Nomad (27), Nomad Enterprise (26), Packer (1), Sentinel (1), Shared library (1), Terraform (2), Terraform Amazon Web Services (1), Terraform Enterprise (5), Vagrant (1), Vagrant VMware Fusion Plugin (3), Vault (37), Vault Enterprise (43), agrant-vmware-fusion (6), ault-action (1), ault-ssh-helper (1), go-getter (6), go-slug (1)

OpublikowanoBaseTempSłaby punktProdWykPrzEPSSCTICVE
2024-04-178.58.4HashiCorp Shared library privilege escalationSoftware LibraryNot DefinedOfficial Fix0.000430.21CVE-2024-3817
2024-04-045.15.1HashiCorp Vault/Vault Enterprise TLS Certificate Privilege EscalationNieznanyNot DefinedOfficial Fix0.000430.02CVE-2024-2660
2024-03-055.95.8HashiCorp Vault/Vault Enterprise TLS Certificate weak authenticationNieznanyNot DefinedOfficial Fix0.000430.02CVE-2024-2048
2024-02-086.36.3HashiCorp Nomad/Nomad Enterprise Template Renderer privilege escalationNieznanyNot DefinedOfficial Fix0.000480.03CVE-2024-1329
2024-02-065.85.8HashiCorp Boundary/Boundary Enterprise TLS weak authenticationNieznanyNot DefinedOfficial Fix0.000500.02CVE-2024-1052
2024-02-014.54.5HashiCorp Vault/Vault Enterprise Audit Device information disclosureNieznanyNot DefinedNot Defined0.000560.02CVE-2024-0831
2023-12-097.57.3HashiCorp Vault/Vault Enterprise HTTP Request denial of serviceNieznanyNot DefinedOfficial Fix0.000460.02CVE-2023-6337
2023-11-096.46.4HashiCorp Vault/Vault Enterprise Client Request denial of serviceNieznanyNot DefinedOfficial Fix0.000460.03CVE-2023-5954
2023-10-285.04.9HashiCorp Vagrant Installer privilege escalationNieznanyNot DefinedOfficial Fix0.000430.00CVE-2023-5834
2023-09-293.23.1Hashicorp Vault Enterprise Sentinel Role Governing Policy denial of serviceNieznanyNot DefinedOfficial Fix0.000440.00CVE-2023-3775
2023-09-296.36.3Hashicorp Vault/Vault Enterprise Google Cloud Secrets Engine privilege escalationNieznanyNot DefinedOfficial Fix0.000480.03CVE-2023-5077
2023-09-154.94.9HashiCorp Vault/Vault Enterprise Transit Secrets Engine privilege escalationNieznanyNot DefinedOfficial Fix0.000480.03CVE-2023-4680
2023-09-086.06.0Hashicorp Terraform directory traversalNieznanyNot DefinedOfficial Fix0.000440.04CVE-2023-4782
2023-08-097.06.9HashiCorp Consul/Consul Enterprise privilege escalationNieznanyNot DefinedOfficial Fix0.000460.00CVE-2023-3518
2023-08-015.35.2HashiCorp Vault/Vault Enterprise LDAP Auth Method information disclosureNieznanyNot DefinedOfficial Fix0.000460.06CVE-2023-3462
2023-07-283.83.7Hashicorp Vault Enterprise denial of serviceNieznanyNot DefinedOfficial Fix0.000440.02CVE-2023-3774
2023-07-202.82.8HashiCorp Nomad Enterprise information disclosureNieznanyNot DefinedOfficial Fix0.000450.00CVE-2023-3299
2023-07-203.53.5HashiCorp Nomad/Nomad Enterprise privilege escalationNieznanyNot DefinedOfficial Fix0.000450.00CVE-2023-3072
2023-07-205.35.2HashiCorp Nomad/Nomad Enterprise HTTP Search API privilege escalationNieznanyNot DefinedOfficial Fix0.000520.00CVE-2023-3300
2023-06-094.44.4Hashicorp Vault/Vault Enterprise key-value Diff Viewer cross site scriptingNieznanyNot DefinedOfficial Fix0.000450.03CVE-2023-2121
2023-06-035.05.0Hashicorp Consul/Consul Enterprise Cluster Peering denial of serviceNieznanyNot DefinedOfficial Fix0.000460.00CVE-2023-1297
2023-06-036.66.6Hashicorp Consul/Consul Enterprise Proxy privilege escalationNieznanyNot DefinedOfficial Fix0.000460.02CVE-2023-2816
2023-05-022.42.4HashiCorp Vault Enterprise AES weak encryptionNieznanyNot DefinedOfficial Fix0.000430.04CVE-2023-2197
2023-04-069.08.9HashiCorp Nomad/Nomad Enterprise privilege escalationNieznanyNot DefinedOfficial Fix0.001450.02CVE-2023-1782
2023-03-305.04.9HashiCorp Vault PKI Mount Issuer Endpoint denial of serviceNieznanyNot DefinedOfficial Fix0.000690.03CVE-2023-0665

112 więcej wpisów nie jest pokazywanych

🔒 Login Required

You need to signup and login to see more of the remaining 112 results.

PoprzedniPrzeglądKolejny

Do you know our Splunk app?

Download it now for free!