ALT-PU-2019-1446-2
Closed vulnerabilities
Published: 2018-12-09
Modified: 2024-11-21
CVE-2018-19653
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Published: 2019-03-05
Modified: 2024-11-21
CVE-2019-8336
HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "
Severity: MEDIUM (6.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: 2022-05-14
Modified: 2023-06-10
GHSA-4qvx-qq5w-695p
HashiCorp Consul can use cleartext agent-to-agent RPC communication
Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Published: 2022-05-13
Modified: 2023-09-28
GHSA-fhm8-cxcv-pwvc
HashiCorp Consul Access Restriction Bypass
Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-8336
- https://github.com/hashicorp/consul/issues/5423
- https://github.com/hashicorp/consul/commit/90040f8bffb311e6cd8599273e95b607175e311f
- https://github.com/hashicorp/consul
- https://github.com/hashicorp/consul/blob/003370ded024096cd89fb2aa2bc15293c23b9707/agent/consul/leader.go#L405
