PT-2020-19874 · Hashicorp+1 · Hashicorp Consul Enterprise+2

Hanshasselberg · Published 2020-01-31 · Updated 2024-08-21 · CVE-2020-7955

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: HashiCorp Consul and Consul Enterprise versions 1.4.1 through 1.6.2

Description: The issue results from the non-uniform enforcement of Access Control Lists (ACLs) across all API endpoints, potentially leading to unintended information disclosure.

Recommendations: For versions 1.4.1 through 1.6.2, update to version 1.6.3 to resolve the issue.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

ALT-PU-2020-3391
ALT-PU-2020-3421
ALT-PU-2022-1256
BIT-CONSUL-2020-7955
CVE-2020-7955
GHSA-R9W6-RHH9-7V53
GO-2022-0874

Affected Products

Alt Linux
Hashicorp Consul Enterprise
Hashicorp Consul