12 matches found
GO-2022-0874 Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul
GO-2022-0593 HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul
GO-2023-1945 HashiCorp Consul Access Restriction Bypass in github.com/hashicorp/consul
Denial Of Service (DoS)
github.com/hashicorp/consul is vulnerable to denial of service (DoS). The vulnerability exists because upstream watch handling was shared between connect-proxy and gateways, allowing an attacker with service:write permission to cause a server and client crash...
Information Disclosure
github.com/hashicorp/consul is vulnerable to information disclosure. The vulnerability exists in the Filter function of filter.go because the data imported from peers is not properly filtered by ACLs at the UI Nodes, which allows an attacker to gain access to the ACL tokens and view sensitive...
Denial Of Service (DoS)
github.com/hashicorp/consul is vulnerable to denial of service (DoS) attacks. A remote attacker with service:write permission is able to register a specifically crafted service on clusters with at least one ingress gateway configured, resulting in denial of service conditions in the server...
Privilege Escalation
github.com/hashicorp/consul is vulnerable to privilege escalation. The vulnerability exists due to a single L7 deny intention bypassing the default deny policy...
Denial of Service (DoS) in HashiCorp Consul
HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3. Specific Go packages affected: github.com/hashicorp/consul/agent/consul...
Denial Of Service (DoS)
github.com/hashicorp/consul is vulnerable to denial of service (DoS). Incorrect use of namespaces in comparisons allows an attacker to send infinite Raft writes to cause a namespace replication bug, leading to resource exhaustion and an application crash...
Insecure Access Control
github.com/hashicorp/consul uses insecure access control. The scope of local and global tokens is not properly enforced, allowing local ACL tokens to be used in other data centers...
Privilege Escalation
github.com/hashicorp/consul is vulnerable to privilege escalation. In an unusual circumstance, a client is able to bypass access restrictions to obtain higher privileges within secondary datacenters using a secret token...
Cross-site Scripting (XSS)
github.com/hashicorp/consul is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize the sessionName, sessionMeta and aclName strings, allowing an attacker to inject and execute arbitrary script...