7 matches found
CVE-2020-25864
HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value KV raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14...
CVE-2020-25864 vulnerabilities
Vulnerabilities for packages: k3d...
CVE-2020-25864
HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value KV raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14...
CVE-2020-25864
HashiCorp Consul and Consul Enterprise up to version 1.9.4 expose a cross-site scripting (XSS) vulnerability in the KV raw mode. The issue stems from the KV raw mode handling, allowing XSS payloads to execute. Fixed in versions 1.9.5, 1.8.10, and 1.7.14. Upgrading to one of these versions mitigat...
Consul API KV Endpoint Vulnerable to Cross-Site Scripting
Summary A vulnerability was identified in Consul and Consul Enterprise “Consul” such that a specially crafted key-value entry could be used to perform a cross-site scripting XSS attack when viewed in Consul KV API’s raw mode. This vulnerability, CVE-2020-25864, affects all Consul versions up to...
FreeBSD : Consul -- Multiple vulnerabilities (093a6baf-9f99-11eb-b150-000c292ee6b8)
Hashicorp reports : Add content-type headers to raw KV responses to prevent XSS attacks CVE-2020-25864. audit-logging: Parse endpoint URL to prevent requests from bypassing the audit log CVE-2021-28156. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Consul -- Multiple vulnerabilities
Hashicorp reports: Add content-type headers to raw KV responses to prevent XSS attacks CVE-2020-25864. audit-logging: Parse endpoint URL to prevent requests from bypassing the audit log CVE-2021-28156...