consul

Description: A tool for service discovery, monitoring and configuration.
Version: 1.9.5-2 [community-testing], 1.9.5-1 [community]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1830 | 1.9.4-1 | | Medium | Not affected | |
| AVG-1829 | 1.9.4-1 | 1.9.5-1 | Medium | Fixed | |
| AVG-1295 | 1.7.0-1 | 1.8.4-1 | Medium | Not affected | |
| AVG-1294 | 1.7.4-1 | 1.9.1-1 | Medium | Fixed | FS#68723 |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-28156 | AVG-1830 | Medium | Yes | Access restriction bypass | A vulnerability was identified in Consul Enterprise version 1.8.0 up to version 1.9.4 where a crafted endpoint URL could be used to bypass the audit log.... |
| CVE-2020-28053 | AVG-1294 | Medium | Yes | Privilege escalation | HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key... |
| CVE-2020-25864 | AVG-1829 | Medium | Yes | Cross-site scripting | A vulnerability was identified in Consul and Consul Enterprise ("Consul") up to version 1.9.4 where a specially crafted KV entry could be used to perform a... |
| CVE-2020-25201 | AVG-1295 | Medium | Yes | Denial of service | HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 allowed operators with service:write ACL permissions to write a malicious config entry that causes... |