Описание
HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| consul | fixed | 1.8.6+dfsg1-1 | package | |
| consul | not-affected | buster | package |
Примечания
https://github.com/hashicorp/consul/issues/9240
https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020
EPSS
Процентиль: 49%
0.00257
Низкий
Связанные уязвимости
CVSS3: 6.5
ubuntu
около 5 лет назад
HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.
CVSS3: 6.5
nvd
около 5 лет назад
HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.
EPSS
Процентиль: 49%
0.00257
Низкий