HashiCorp · HashiCorp Consul · CVE-2019-12291
**Name of the Vulnerable Software and Affected Versions**
HashiCorp Consul versions 1.4.0 through 1.5.0
**Description**
HashiCorp Consul has an Incorrect Access Control issue. A token can delete keys that do not match a specific ACL rule used for prefix matching in the policy it uses, even with default deny settings configured. This affects the `github.com/hashicorp/consul` and `github.com/hashicorp/consul/acl` packages.
**Recommendations**
For HashiCorp Consul versions 1.4.0 through 1.5.0, consider restricting access to the ACL rules used for prefix matching in policies to minimize the risk of unauthorized key deletion. As a temporary workaround, review and adjust the default deny settings and policy configurations to ensure proper access control. At the moment, there is no information about a newer version that contains a fix for this vulnerability.