Lucene search
Veracode Vulnerability DatabaseVERACODE:28499HistoryDec 07, 2020 - 3:46 a.m.
Privilege Escalation
2020-12-0703:46:32
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16
consul
vulnerability
privilege escalation
operator
acl
permissions
connect ca
configuration
private key
certificates
EPSS
0.001
Percentile
42.5%
consul is vulnerable to privilege escalation. The vulnerability exists due to the operators with operator:read ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the /v1/connect/ca/configuration endpoint including the private key, allowing a malicious user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services.
Related
github
github
Privilege Escalation in HashiCorp Consul
2024-01-31 23:11:32
nvd
nvd
CVE-2020-28053
2020-11-23 14:15:12
nessus
nessus
FreeBSD : consul -- Fix Consul Connect CA private key configuration (8d17229f-3054-11eb-a455-ac1f6b16e566)
2020-12-07 00:00:00
Photon OS 3.0: Consul PHSA-2021-3.0-0181
2021-01-13 00:00:00
GLSA-202208-09 : HashiCorp Consul: Multiple Vulnerabilities
2022-08-10 00:00:00
freebsd
freebsd
consul -- Fix Consul Connect CA private key configuration
2020-11-02 00:00:00
ubuntucve
ubuntucve
CVE-2020-28053
2020-11-23 00:00:00
osv
osv
BIT-consul-2020-28053
2024-03-06 10:54:15
Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul
2024-06-28 15:28:53
Privilege Escalation in HashiCorp Consul
2024-01-31 23:11:32
debiancve
debiancve
CVE-2020-28053
2020-11-23 14:15:12
cve
cve
CVE-2020-28053
2020-11-23 14:15:12
cvelist
cvelist
CVE-2020-28053
2020-11-23 13:11:27
prion
prion
Design/Logic Flaw
2020-11-23 14:15:00
photon
photon
Important Photon OS Security Update - PHSA-2021-0181
2021-01-04 00:00:00
Important Photon OS Security Update - PHSA-2021-3.0-0181
2021-01-04 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0041
2023-06-29 00:00:00
gentoo
gentoo
HashiCorp Consul: Multiple Vulnerabilities
2022-08-10 00:00:00