CVE-2020-25201 log

Severity Medium
Remote Yes
Type Denial of service
HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 allowed operators with service:write ACL permissions to write a malicious config entry that causes infinite raft writes due to issues with the namespace replication logic. This can lead to an operator with access to one namespace to be able to temporarily delete a doppelgänger configuration in another namespace they should not have access to modify.
Group Package Affected Fixed Severity Status Ticket
AVG-1295 consul 1.7.0-1 1.8.4-1 Medium Not affected