Lucene search

FreeBSD093A6BAF-9F99-11EB-B150-000C292EE6B8

HistoryApr 15, 2021 - 12:00 a.m.

Consul -- Multiple vulnerabilities

2021-04-1500:00:00

vuxml.freebsd.org

108

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.4%

JSON

Hashicorp reports:

Add content-type headers to raw KV responses to prevent XSS attacks
(CVE-2020-25864). audit-logging: Parse endpoint URL to prevent
requests from bypassing the audit log (CVE-2021-28156).

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchconsul< 1.9.5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	consul	< 1.9.5	UNKNOWN

References

github.com/hashicorp/consul/releases/tag/v1.9.5

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for 093A6BAF-9F99-11EB-B150-000C292EE6B8