Описание
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Service Mesh 1 | servicemesh | Not affected | ||
| OpenShift Service Mesh 1 | servicemesh-operator | Not affected | ||
| OpenShift Service Mesh 1 | servicemesh-prometheus | Not affected | ||
| Red Hat Fuse 7 | consul-client | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-841
https://bugzilla.redhat.com/show_bug.cgi?id=1805875consul: Missing access control in HTTP API endpoints
EPSS
Процентиль: 56%
0.00332
Низкий
5.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.3
ubuntu
около 6 лет назад
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.
CVSS3: 5.3
nvd
около 6 лет назад
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.
CVSS3: 5.3
debian
около 6 лет назад
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uni ...
EPSS
Процентиль: 56%
0.00332
Низкий
5.3 Medium
CVSS3