4 matches found
Consul's Health Check API Endpoints May Disclose Information
Summary Consul and Consul Enterprise “Consul” did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. This vulnerability affected Consul versions 1.4.1 through 1.6.2 and was assigned CVE-2020-7955. Background Consul uses Access Control...
CVE-2020-7955
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3...
CVE-2020-7955
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3...
CVE-2020-7955
HashiCorp Consul and Consul Enterprise versions 1.4.1–1.6.2 did not uniformly enforce ACLs across all API endpoints, potentially enabling information disclosure. Root cause: inconsistent ACL enforcement leading to exposure of information via multiple API endpoints. Impact: partial confidentiality...