Lucene search
K

983 matches found

Snyk
Snyk
added 2026/03/12 12:31 a.m.5 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the the Vault Kubernetes Authentication Provider. An attacker can access sensitive files by specifying tokenpath configuration parameter to any file on the Consul server node that later returned as jwt data and sent t...

7.6CVSS5.9AI score0.00475EPSS
Exploits0References2
OSV
OSV
added 2026/03/12 12:31 a.m.3 views

GHSA-CPFQ-66P2-336J Consul is vulnerable to arbitrary file read when configured with Kubernetes authentication

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

6.8CVSS5.8AI score0.00475EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/12 12:31 a.m.6 views

EUVD-2026-11487

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

6.8CVSS5.8AI score0.00475EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/12 12:31 a.m.8 views

Consul is vulnerable to arbitrary file read when configured with Kubernetes authentication

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

6.8CVSS5.8AI score0.00475EPSS
Exploits0References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/12 12:30 a.m.6 views

Security Bulletin: Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider

Summary HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5. Vulnerability Details CVEID:CVE-2026-2808...

6.8CVSS5.8AI score0.00475EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/03/12 12:16 a.m.7 views

CVE-2026-2808

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

6.8CVSS0.00475EPSS
Exploits0References1
OSV
OSV
added 2026/03/12 12:16 a.m.3 views

DEBIAN-CVE-2026-2808

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

6.8CVSS8.1AI score0.00475EPSS
Exploits0References1
OSV
OSV
added 2026/03/12 12:16 a.m.9 views

UBUNTU-CVE-2026-2808

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

6.8CVSS5.8AI score0.00475EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/12 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-2808

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. Th...

6.8CVSS5.9AI score0.00475EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/12 12:0 a.m.6 views

CVE-2026-2808

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

6.8CVSS7.2AI score0.00475EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/11 11:8 p.m.5 views

CVE-2026-2808 Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

6.8CVSS5.8AI score0.00475EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 11:8 p.m.4 views

CVE-2026-2808

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

6.8CVSS5.8AI score0.00475EPSS
Exploits0References2
CVE
CVE
added 2026/03/11 11:8 p.m.36 views

CVE-2026-2808

CVE-2026-2808 affects HashiCorp Consul and Consul Enterprise 1.18.20–1.21.10 and 1.22.4 when configured with Kubernetes authentication, enabling arbitrary file reads. The root cause involves unvalidated file paths for tokens via the Vault Kubernetes provider, allowing an attacker to read arbitrar...

6.8CVSS5.8AI score0.00475EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/03/11 11:8 p.m.2 views

CVE-2026-2808

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

6.8CVSS8.1AI score0.00475EPSS
Exploits0
Cvelist
Cvelist
added 2026/03/11 11:8 p.m.33 views

CVE-2026-2808 Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

6.8CVSS0.00475EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.6 views

HashiCorp Consul和HashiCorp Consul Enterprise 安全漏洞

HashiCorp Consul and HashiCorp Consul Enterprise are both products of the American company HashiCorp. HashiCorp Consul is a distributed, highly available data center awareness solution. It is used for connecting and configuring applications across dynamic distributed infrastructures. HashiCorp...

6.8CVSS7.4AI score0.00475EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.7 views

PT-2026-24892

Name of the Vulnerable Software and Affected Versions HashiCorp Consul versions 1.18.20 through 1.21.10 HashiCorp Consul version 1.22.4 HashiCorp Consul Enterprise versions 1.18.20 through 1.21.10 HashiCorp Consul Enterprise version 1.22.4 Description HashiCorp Consul and Consul Enterprise are...

9.9CVSS7.2AI score0.02359EPSS
Exploits28References148
Veracode
Veracode
added 2026/03/04 4:45 p.m.7 views

Denial Of Service (DoS)

github.com/hashicorp/consul is vulnerable to Denial Of Service DoS. The vulnerability is due to incorrect Content Length header validation, where an attacker can exploit this vulnerability to cause a denial of service...

6.5CVSS5.9AI score0.00399EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2026/03/04 4:29 p.m.10 views

Denial Of Service (DoS)

github.com/hashicorp/consul is vulnerable to Denial of Service DoS. The vulnerability is due to lack of maximum value on the Content Length header, where an attacker can exploit this vulnerability to cause a denial of service, and this can be done by sending a request with a large Content Length...

6.5CVSS6AI score0.00399EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/02/26 12:41 a.m.10 views

CLEANSTART-2026-VU62737 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the consul-k8s-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00724EPSS
Exploits2References12
Rows per page
Query Builder