Description
HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "<hidden>" as its secret is used in unusual circumstances.
References
- Mitigation, Third Party Advisory
- Mitigation, Third Party Advisory
Vulnerable configurations
Configuration 1: version from 1.4.0 (inclusive) to 1.4.3 (exclusive)
One of
cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
EPSS: 0.00362 (Low), percentile: 58%
CVSS3: 8.1 High
CVSS2: 6.8 Medium
Weaknesses
NVD-CWE-noinfo
Related vulnerabilities
CVSS3: 8.1
ubuntu
almost 7 years ago
HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "<hidden>" as its secret is used in unusual circumstances.
CVSS3: 8.1
debian
almost 7 years ago
HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a c ...