PT-2020-13271 · Hashicorp+1 · Hashicorp Consul Enterprise+2
Hanshasselberg · Published 2020-06-11 · Updated 2024-08-21
CVE-2020-12797
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
HashiCorp Consul and Consul Enterprise versions 1.4.0 through 1.6.5
HashiCorp Consul and Consul Enterprise versions 1.7.0 through 1.7.3
Description
HashiCorp Consul and Consul Enterprise fail to enforce changes to legacy ACL token rules because those changes are not propagated to secondary data centers. The issue was introduced in version 1.4.0.
Recommendations
For versions 1.4.0 through 1.6.5, update to version 1.6.6 or later.
For versions 1.7.0 through 1.7.3, update to version 1.7.4 or later.
Fix
Incorrect Permission
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Hashicorp Consul Enterprise
Hashicorp Consul