exploitDog

CVE-2026-2808

Published: 11 Mar 2026
Source: redhat
CVSS3: 6.8
EPSS: Low

Description

A flaw was found in HashiCorp Consul. When configured with Kubernetes authentication, a highly privileged attacker can exploit this vulnerability to perform arbitrary file reads. This could lead to the disclosure of sensitive information from the system.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-loki-rhel9 | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/loki-rhel9-operator | Not affected | | |
| Multicluster Global Hub | multicluster-globalhub/multicluster-globalhub-grafana-rhel9 | Not affected | | |
| OpenShift Serverless | openshift-serverless-1/kn-plugin-event-sender-rhel9 | Not affected | | |
| OpenShift Service Mesh 2 | openshift-service-mesh/istio-rhel8-operator | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/acm-grafana-rhel9 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/kube-state-metrics-rhel9 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/prometheus-rhel9 | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-59
https://bugzilla.redhat.com/show_bug.cgi?id=2446879 github.com/hashicorp/consul: HashiCorp Consul: Arbitrary file read via Kubernetes authentication configuration

EPSS

Percentile: 6%
0.00022
Low

6.8 Medium

CVSS3

Related vulnerabilities

CVSS3: 6.8
ubuntu
16 days ago

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.

CVSS3: 6.8
nvd
16 days ago

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.

CVSS3: 6.8
debian
16 days ago

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22. ...

CVSS3: 6.8
github
16 days ago

Consul is vulnerable to arbitrary file read when configured with Kubernetes authentication
