Veracode Vulnerability DatabaseVERACODE:33297Privilege Escalation
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
github.com/hashicorp/consul is vulnerable to privilege escalation. The vulnerability exists because ACL tokens in one namespace can be used to bypass security restrictions in a different namespace when they contain default operator:write permissions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/hashicorp/consul | le | v1.11.6 | |
| github.com/hashicorp/consul | le | v1.11.6 |
References
discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871
github.com/hashicorp/consul/commit/b50ef696c67117af8cbd32c854aa04c334273dab
github.com/hashicorp/consul/pull/11812
security.netapp.com/advisory/ntap-20211229-0007/
www.hashicorp.com/blog/category/consul
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P