CVE-2020-7955

Опубликовано: 31 янв. 2020

Источник: debian

Описание

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
consul	fixed	1.7.0+dfsg1-1		package
consul	not-affected		buster	package

Примечания

https://github.com/hashicorp/consul/issues/7160
Fixed in 1.6.3.

Связанные уязвимости

CVE-2020-7955

CVSS3: 5.3

ubuntu

около 6 лет назад

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.

CVE-2020-7955

CVSS3: 5.3

redhat

около 6 лет назад

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.

CVE-2020-7955

CVSS3: 5.3

nvd

около 6 лет назад

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.

GHSA-r9w6-rhh9-7v53

CVSS3: 5.3

github

больше 4 лет назад

Incorrect Authorization in HashiCorp Consul