CVE search results

11 – 20 of 31 results

Detailed view

Sort by:

CVE-2022-29153

Medium priority

Needs evaluation

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.

1 affected package

consul

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
consul	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Ignored

CVE-2022-24687

Medium priority

Needs evaluation

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to...

1 affected package

consul

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
consul	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Ignored

CVE-2021-41805

Medium priority

Needs evaluation

HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for...

1 affected package

consul

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
consul	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Ignored

CVE-2021-38698

Low priority

Needs evaluation

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.

1 affected package

consul

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
consul	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Ignored

CVE-2021-37219

Medium priority

Needs evaluation

HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.

1 affected package

consul

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
consul	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Ignored

CVE-2021-36213

Medium priority

Needs evaluation

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in...

1 affected package

consul

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
consul	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Ignored

CVE-2021-32574

Medium priority

Needs evaluation

HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1.

1 affected package

consul

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
consul	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Ignored

CVE-2021-28156

Medium priority

Needs evaluation

HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10.

1 affected package

consul

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
consul	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Not in release

CVE-2020-25864

Medium priority

Needs evaluation

HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14.

1 affected package

consul

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
consul	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Not in release

CVE-2020-28053

Medium priority

Needs evaluation

HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.

1 affected package

consul

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
consul	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Not in release

Export to JSON

Results by page:

Search CVE reports