CVE-2020-28053 log

Source
Severity Medium
Remote Yes
Type Privilege escalation
Description
HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration when explicitly configured with the /v1/connect/ca/configuration endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.
Group Package Affected Fixed Severity Status Ticket
AVG-1294 consul 1.7.4-1 1.9.1-1 Medium Fixed FS#68723
References
https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020
https://github.com/hashicorp/consul/issues/9240
https://github.com/hashicorp/consul/commit/fd5928fa4ef21f935f4331a422504eecb89d0af5