Lucene search
K

7 matches found

OSV
OSV
added 2021/04/20 4:15 p.m.27 views

CVE-2020-25864

HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value KV raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14...

6.1CVSS6.2AI score
Exploits0References3
Chainguard
Chainguard
added 2021/04/20 4:15 p.m.72 views

CVE-2020-25864 vulnerabilities

Vulnerabilities for packages: k3d...

6.1CVSS6.7AI score0.06095EPSS
Exploits0
Debian CVE
Debian CVE
added 2021/04/20 1:7 p.m.40 views

CVE-2020-25864

HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value KV raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14...

6.1CVSS6.1AI score0.06095EPSS
Exploits0
CVE
CVE
added 2021/04/20 1:7 p.m.384 views

CVE-2020-25864

HashiCorp Consul and Consul Enterprise up to version 1.9.4 expose a cross-site scripting (XSS) vulnerability in the KV raw mode. The issue stems from the KV raw mode handling, allowing XSS payloads to execute. Fixed in versions 1.9.5, 1.8.10, and 1.7.14. Upgrading to one of these versions mitigat...

6.1CVSS5.9AI score0.06095EPSS
Exploits0References3Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2021/04/19 10:40 p.m.5 views

Consul API KV Endpoint Vulnerable to Cross-Site Scripting

Summary A vulnerability was identified in Consul and Consul Enterprise “Consul” such that a specially crafted key-value entry could be used to perform a cross-site scripting XSS attack when viewed in Consul KV API’s raw mode. This vulnerability, CVE-2020-25864, affects all Consul versions up to...

6.1CVSS6.5AI score0.06095EPSS
Exploits0Affected Software2
Tenable Nessus
Tenable Nessus
added 2021/04/19 12:0 a.m.159 views

FreeBSD : Consul -- Multiple vulnerabilities (093a6baf-9f99-11eb-b150-000c292ee6b8)

Hashicorp reports : Add content-type headers to raw KV responses to prevent XSS attacks CVE-2020-25864. audit-logging: Parse endpoint URL to prevent requests from bypassing the audit log CVE-2021-28156. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

7.5CVSS6.7AI score0.06095EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2021/04/15 12:0 a.m.140 views

Consul -- Multiple vulnerabilities

Hashicorp reports: Add content-type headers to raw KV responses to prevent XSS attacks CVE-2020-25864. audit-logging: Parse endpoint URL to prevent requests from bypassing the audit log CVE-2021-28156...

7.5CVSS1.8AI score0.06095EPSS
Exploits0References1
Rows per page
Query Builder