Описание
HashiCorp Consul Incorrect Access Control vulnerability
HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured.
Specific Go Packages Affected
github.com/hashicorp/consul/acl
Пакеты
github.com/hashicorp/consul
>= 1.4.0, < 1.5.1
1.5.1
Связанные уязвимости
HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured.
HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured.
HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Key ...