Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-25864

Опубликовано: 14 апр. 2021
Источник: redhat
CVSS3: 6.1

Описание

HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14.

In consul a specially crafted KV (key/value store) entry could be used by attacker to perform a XSS (Cross Site Scripting) attack when viewed in the raw mode.

Отчет

OpenShift Container Platform (OCP) and OpenShift Service Mesh (OSSM) components ship only consul api which could be used for connection to consul service mesh solution, therefore are not affected by this flaw. Some OpenShift Virtualization components reference consul in go.sum files, however none of the projects or container images depend on or ship consul, therefore are not affected by this flaw.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Service Mesh 2.0servicemeshNot affected
OpenShift Service Mesh 2.0servicemesh-prometheusNot affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/metrics-collector-rhel9Not affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/multicluster-observability-rhel8-operatorNot affected
Red Hat Fuse 7consul-clientNot affected
Red Hat OpenShift Container Platform 4openshift4/cnf-tests-rhel8Not affected
Red Hat OpenShift Container Platform 4openshift4/compliance-rhel8-operatorNot affected
Red Hat OpenShift Container Platform 4openshift4/file-integrity-rhel8-operatorNot affected
Red Hat OpenShift Container Platform 4openshift4/ose-baremetal-machine-controllersNot affected
Red Hat OpenShift Container Platform 4openshift4/ose-cluster-etcd-rhel8-operatorNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1950275consul: specially crafted KV entry could be used to perform a XSS attack

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-25864

CVSS3: 6.1
ubuntu
почти 5 лет назад

HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14.

nvd логотип

CVE-2020-25864

CVSS3: 6.1
nvd
почти 5 лет назад

HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14.

debian логотип

CVE-2020-25864

CVSS3: 6.1
debian
почти 5 лет назад

HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value ( ...

github логотип

GHSA-8xmx-h8rq-h94j

CVSS3: 6.1
github
больше 3 лет назад

HashiCorp Consul Cross-site Scripting vulnerability

6.1 Medium

CVSS3