Consul Operator Read ACL Enables Connect Service Masquerading
Summary A vulnerability, CVE-2020-28053, was identified in Consul and Consul Enterprise “Consul” such that operators with operator:read ACL permissions were able to read the Consul Connect CA configuration including the private key. Background Consul Connect utilizes mutual TLS to establish servi...