Описание
HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| hirsute | ignored | end of life |
| impish | ignored | end of life |
| jammy | needs-triage | |
| kinetic | ignored | end of life, was needs-triage |
Показывать по
EPSS
6.5 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace.
HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1. ...
HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace.
EPSS
6.5 Medium
CVSS2
8.8 High
CVSS3