PT-2020-19473 · Hashicorp+1 · Hashicorp Consul Enterprise+2

Published

2020-01-31

Updated

2024-08-21

CVE-2020-7219

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions HashiCorp Consul and Consul Enterprise versions 1.6.2 and earlier

Description The issue allows unbounded resource usage and is susceptible to unauthenticated denial of service. This affects the HTTP/RPC services of HashiCorp Consul and Consul Enterprise.

Recommendations For versions 1.6.2 and earlier, update to version 1.6.3 to resolve the issue. As a temporary workaround, consider restricting access to the HTTP/RPC services to minimize the risk of exploitation.

Fix

DoS

Allocation of Resources Without Limits

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-400

Related Identifiers

ALT-PU-2020-3391

ALT-PU-2020-3421

ALT-PU-2022-1256

BIT-CONSUL-2020-7219

CVE-2020-7219

GHSA-23JV-V6QJ-3FHH

GO-2022-0776

Affected Products

Alt Linux

Hashicorp Consul Enterprise

Hashicorp Consul

PT-2020-19473 · Hashicorp+1 · Hashicorp Consul Enterprise+2

CVE-2020-7219

Weakness Enumeration

Related Identifiers

Affected Products

References · 14