Описание
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.
Ссылки
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.4.1 (включая) до 1.6.2 (исключая)Версия от 1.4.1 (включая) до 1.6.2 (исключая)
Одно из
cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 56%
0.00332
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-863
Связанные уязвимости
CVSS3: 5.3
ubuntu
около 6 лет назад
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.
CVSS3: 5.3
redhat
около 6 лет назад
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.
CVSS3: 5.3
debian
около 6 лет назад
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uni ...
EPSS
Процентиль: 56%
0.00332
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-863