CVE-2021-41805 | AVG-2594 | Medium | Yes | Privilege escalation | A vulnerability was identified in Consul Enterprise before version 1.10.4 such that an ACL token with the default operator:write permissions in one...
CVE-2021-38698 | AVG-2360 | Medium | Yes | Information disclosure | In HashiCorp Consul before version 1.10.2, the Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.
CVE-2021-37219 | AVG-2360 | High | Yes | Privilege escalation | In HashiCorp Consul before version 1.10.2, the Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only...
CVE-2021-36213 | AVG-2171 | Medium | Yes | Access restriction bypass | In HashiCorp Consul before version 1.9.8, xds can generate a situation where a single L7 deny intention (with a default deny policy) results in an allow action.
CVE-2021-32574 | AVG-2171 | Low | Yes | Certificate verification bypass | HashiCorp Consul before version 1.9.8 does not validate SSL certificates correctly: xds does not ensure that the Subject Alternative Name of an upstream is...
CVE-2021-28156 | AVG-1830 | Medium | Yes | Access restriction bypass | A vulnerability was identified in Consul Enterprise version 1.8.0 up to version 1.9.4 where a crafted endpoint URL could be used to bypass the audit log....
CVE-2020-28053 | AVG-1294 | Medium | Yes | Privilege escalation | HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key...
CVE-2020-25864 | AVG-1829 | Medium | Yes | Cross-site scripting | A vulnerability was identified in Consul and Consul Enterprise ("Consul") up to version 1.9.4 where a specially crafted KV entry could be used to perform a...
CVE-2020-25201 | AVG-1295 | Medium | Yes | Denial of service | HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 allowed operators with service:write ACL permissions to write a malicious config entry that causes...