Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hashicorp consul vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-29564
The official Consul Docker images 0.7.1 up to and including 1.4.2 contain a blank password for a root user. System using the Consul Docker container deployed by affected versions of the Docker image may allow a remote malicious user to achieve root access with a blank password.
Hashicorp Consul Docker Image
7.5
CVSSv3
CVE-2022-29153
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.
Hashicorp Consul
Fedoraproject Fedora 37
6.5
CVSSv3
CVE-2023-30531
Jenkins Consul KV Builder Plugin 2.0.13 and previous versions does not mask the HashiCorp Consul ACL Token on the global configuration form, increasing the potential for malicious users to observe and capture it.
Jenkins Consul Kv Builder
4.3
CVSSv3
CVE-2023-30530
Jenkins Consul KV Builder Plugin 2.0.13 and previous versions stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
Jenkins Consul Kv Builder
6.5
CVSSv3
CVE-2021-41865
HashiCorp Nomad and Nomad Enterprise 1.1.1 up to and including 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in 1.1.6.
Hashicorp Nomad
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4