Описание
HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "" as its secret is used in unusual circumstances.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | |
| devel | not-affected | |
| esm-apps/bionic | not-affected | |
| esm-apps/focal | not-affected | |
| esm-infra-legacy/trusty | DNE | |
| focal | not-affected | |
| groovy | not-affected | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE |
Показывать по
EPSS
6.8 Medium
CVSS2
8.1 High
CVSS3
Связанные уязвимости
HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "<hidden>" as its secret is used in unusual circumstances.
HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a c ...
EPSS
6.8 Medium
CVSS2
8.1 High
CVSS3