Astra Linux - vulnerability in consul
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2...
Astra Linux - vulnerability in consul
HashiCorp Consul and Consul Enterprise 1.10.1’s Raft RPC layer enables non-server agents with a valid certificate signed by the same CA to access server-only functionalities, allowing for privilege escalation. This issue was fixed in versions 1.8.15, 1.9.9, and 1.10.2...
GO-2026-4690 Consul is vulnerable to arbitrary file read when configured with Kubernetes authentication in github.com/hashicorp/consul
Consul is vulnerable to arbitrary file read when configured with Kubernetes authentication in github.com/hashicorp/consul...
Security Bulletin: Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider
Summary: HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5. Vulnerability Details: CVEID: CVE-2026-2808...
Linux Distros Unpatched Vulnerability : CVE-2026-2808
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. Th...
CVE-2026-2808 Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider
HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...
CVE-2026-2808
HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...
Denial Of Service (DoS)
github.com/hashicorp/consul is vulnerable to Denial of Service (DoS). The vulnerability is due to incorrect Content-Length header validation, where an attacker can exploit this vulnerability to cause a denial of service...
Denial Of Service (DoS)
github.com/hashicorp/consul is vulnerable to Denial of Service (DoS). The vulnerability is due to lack of maximum value on the Content-Length header, where an attacker can exploit this vulnerability to cause a denial of service, and this can be done by sending a request with a large Content-Length...
Linux Distros Unpatched Vulnerability : CVE-2025-11375
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Consul and Consul Enterprise's Consul event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content-Length header. This...
EUVD-2025-36559
Consul and Consul Enterprise’s “Consul” key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content-Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12...
CVE-2025-11374
Consul and Consul Enterprise’s “Consul” key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content-Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12...
EUVD-2024-3020
Malicious code in bioql PyPI...
EUVD-2023-1131
Malicious code in bioql PyPI...
EUVD-2024-2948
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-28053
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration...
Linux Distros Unpatched Vulnerability : CVE-2023-2816
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy...
Linux Distros Unpatched Vulnerability : CVE-2020-12797
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4....
CVE-2024-10005 vulnerabilities
Vulnerabilities for packages: consul-fips, consul...
CVE-2023-2816
Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the services corresponding to those...