PT-2020-16913 · Hashicorp · Hashicorp Consul Enterprise
Published: 2020-11-23 · Updated: 2024-06-28 · CVE-2020-28053
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
HashiCorp Consul and Consul Enterprise versions 1.2.0 through 1.8.5
Description
The issue allows operators with operator:read ACL permissions to read the Connect CA private key configuration. This is a privilege escalation issue.
Recommendations
For versions 1.2.0 through 1.5.9, update to version 1.6.10.
For versions 1.6.0 through 1.7.9, update to version 1.7.10.
For versions 1.8.0 through 1.8.5, update to version 1.8.6.
Fix
Incorrect Authorization
Incorrect Permission
Related Identifiers
Affected Products
Alt Linux
Hashicorp Consul Enterprise
Hashicorp Consul