Описание
HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.
Ссылки
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.4.0 (включая) до 1.6.6 (исключая)Версия от 1.4.0 (включая) до 1.6.6 (исключая)Версия от 1.7.0 (включая) до 1.7.4 (исключая)Версия от 1.7.0 (включая) до 1.7.4 (исключая)
Одно из
cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 66%
0.00514
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 5 лет назад
HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.
CVSS3: 7.5
debian
больше 5 лет назад
HashiCorp Consul and Consul Enterprise did not appropriately enforce s ...
EPSS
Процентиль: 66%
0.00514
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-20