Lucene search
K

5 matches found

CNNVD
CNNVD
added 2023/04/12 12:0 a.m.7 views

Jenkins Plugin Consul KV Builder 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

4.3CVSS5.1AI score0.00323EPSS
Exploits0References4
Veracode
Veracode
added 2021/12/13 9:27 a.m.31 views

Privilege Escalation

github.com/hashicorp/consul is vulnerable to privilege escalation. The vulnerability exists because ACL tokens in one namespace can be used to bypass security restrictions in a different namespace when they contain default operator:write permissions...

8.8CVSS3.8AI score0.3479EPSS
Exploits3References5Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2020/11/25 7:48 p.m.6 views

Consul Local ACL Token Can Be Used in Remote Datacenters

Summary Consul and Consul Enterprise “Consul” did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. This vulnerability, CVE-2020-13170, was introduced in Consul 1.4.0 and fixed in 1.6.6 and 1.7.4...

7.5CVSS7AI score0.01725EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2020/06/12 5:50 a.m.19 views

Insecure Access Control

github.com/hashicorp/consul uses an insecure access control. The changes to legacy ACL tokens rules are not enforced as they are not being propagated to the secondary data center...

5.3CVSS2.9AI score0.01552EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2020/06/11 8:15 p.m.3 views

DEBIAN-CVE-2020-12797

HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4...

5.3CVSS6.3AI score0.01552EPSS
Exploits0References1
Rows per page
Query Builder