Lucene search

[email protected]NVD:CVE-2020-25864

HistoryApr 20, 2021 - 4:15 p.m.

CVE-2020-25864

2021-04-2016:15:10

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.003 Low

EPSS

Percentile

70.9%

JSON

HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14.

Affected configurations

NVD

Node

hashicorpconsulRange<1.7.14-

hashicorpconsulRange<1.7.14enterprise

hashicorpconsulRange1.8.0–1.8.10-

hashicorpconsulRange1.8.0–1.8.10enterprise

hashicorpconsulRange1.9.0–1.9.5-

hashicorpconsulRange1.9.0–1.9.5enterprise

References

discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368

security.gentoo.org/glsa/202208-09

www.hashicorp.com/blog/category/consul

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.003 Low

EPSS

Percentile

70.9%

JSON

Related for NVD:CVE-2020-25864

cgr1 osv4 redhatcve1 github1 nessus3 ubuntucve1 veracode1 debiancve1 prion1 cve1 nuclei1 cvelist1 alpinelinux1 wolfi1 freebsd1 photon5 gentoo1 ibm2