CVE-2020-25201

Source
Severity Medium
Remote Yes
Type Denial of service
Description
HashiCorp Consul Enterprise versions 1.7.0 up to 1.8.4 allowed operators with service:write ACL permissions to write a malicious config entry that causes infinite raft writes due to issues with the namespace replication logic. This can allow an operator with access to one namespace to temporarily delete a doppelgänger configuration in another namespace that they should not have access to modify.
Group     Package  Affected  Fixed    Severity  Status        Ticket
AVG-1295  consul   1.7.0-1   1.8.4-1  Medium    Not affected
References
https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020
https://github.com/hashicorp/consul/pull/9024
https://github.com/hashicorp/consul/commit/58387fef0a8240d0457001bb2bac075796775e11