8 matches found
EUVD-2022-3787
Malicious code in bioql PyPI...
GHSA-FHM8-CXCV-PWVC HashiCorp Consul Access Restriction Bypass
HashiCorp Consul and Consul Enterprise 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "" as its secret is used in unusual circumstances...
HashiCorp Consul Access Restriction Bypass
HashiCorp Consul and Consul Enterprise 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "" as its secret is used in unusual circumstances...
Consul Legacy ACL Permission Changes Not Propagated to Secondary Datacenters
Summary Consul and Consul Enterprise “Consul” failed to enforce changes to legacy ACL token rules due to non-propagation to secondary datacenters. This vulnerability, CVE-2020-12797, was introduced in Consul 1.4.0 and fixed in 1.6.6 and 1.7.4. Background Consul supports the replication of ACLs...
Privilege Escalation
github.com/hashicorp/consul is vulnerable to privilege escalation. In an unusual circumstance, a client is able to bypass access restrictions to obtain higher privileges within secondary datacenters using a secret token...
CVE-2019-8336
HashiCorp Consul and Consul Enterprise 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "" as its secret is used in unusual circumstances...
Security feature bypass
HashiCorp Consul and Consul Enterprise 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "" as its secret is used in unusual circumstances...
PT-2019-18973 · Hashicorp +1 · Hashicorp Consul +2
Name of the Vulnerable Software and Affected Versions: HashiCorp Consul and Consul Enterprise versions 1.4.0 through 1.4.2 Description: The issue allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters. This occurs...