PT-2021-23416 · Hashicorp+1 · Hashicorp Consul Enterprise+1

Published 2021-12-02 · Updated 2024-05-22 · CVE-2021-41805

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

HashiCorp Consul Enterprise versions prior to 1.8.17
HashiCorp Consul Enterprise versions 1.9.x prior to 1.9.11
HashiCorp Consul Enterprise versions 1.10.x prior to 1.10.4

Description

The issue concerns Incorrect Access Control, where an ACL token with default operator:write permissions in one namespace can be used for unintended privilege escalation in a different namespace.

Recommendations

For versions prior to 1.8.17, update to version 1.8.17 or later.
For versions 1.9.x prior to 1.9.11, update to version 1.9.11 or later.
For versions 1.10.x prior to 1.10.4, update to version 1.10.4 or later.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

ALT-PU-2021-3445
ALT-PU-2023-7106
ALT-PU-2024-8028
BIT-CONSUL-2021-41805
CVE-2021-41805

Affected Products

Alt Linux
Hashicorp Consul Enterprise