HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured.
CPE | Name | Operator | Version |
---|---|---|---|
consul | eq | 1.4.3 | |
consul | eq | api/v1.1.0 | |
consul | eq | internal/v0.1.0 | |
consul | eq | sdk/v0.1.0 | |
consul | eq | 1.4.4 | |
consul | eq | 1.4.0 | |
consul | eq | 1.4.1 | |
consul | eq | 1.5.0 | |
consul | eq | api/v1.0.1 | |
consul | eq | sdk/v0.1.1 |