Mkeeler

**Name of the Vulnerable Software and Affected Versions** HashiCorp Consul (and Consul Enterprise) versions 1.4.0 through 1.4.2 **Description** The issue allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters. This occurs because a token with literally "<hidden>" as its secret is used in unusual circumstances. **Recommendations** For HashiCorp Consul (and Consul Enterprise) versions 1.4.0 through 1.4.2, update to version 1.4.3 or later to resolve the issue.