Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hashicorp consul vulnerabilities and exploits
(subscribe to this query)
8.6
CVSSv3
CVE-2021-3121
An issue exists in GoGo Protobuf prior to 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
Golang Protobuf
Hashicorp Consul
4 Github repositories
7.5
CVSSv3
CVE-2022-29153
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.
Hashicorp Consul
Fedoraproject Fedora 37
6.5
CVSSv3
CVE-2023-30531
Jenkins Consul KV Builder Plugin 2.0.13 and previous versions does not mask the HashiCorp Consul ACL Token on the global configuration form, increasing the potential for malicious users to observe and capture it.
Jenkins Consul Kv Builder
4.3
CVSSv3
CVE-2023-30530
Jenkins Consul KV Builder Plugin 2.0.13 and previous versions stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Jenkins Consul Kv Builder
6.5
CVSSv3
CVE-2021-41865
HashiCorp Nomad and Nomad Enterprise 1.1.1 up to and including 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in 1.1.6.
Hashicorp Nomad
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4