CVE-2020-25201

Severity: Medium

Remote: Yes

Type: Denial of service

Description

HashiCorp Consul Enterprise versions 1.7.0 through 1.8.4 allowed operators with service:write ACL permissions to write a malicious config entry that causes infinite raft writes due to issues with the namespace replication logic. This can allow an operator with access to one namespace to temporarily delete a doppelgänger configuration in another namespace they should not have access to modify.

Group: AVG-1295
Package: consul
Affected: 1.7.0-1
Fixed: 1.8.4-1
Severity: Medium
Status: Not affected

References

https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020
https://github.com/hashicorp/consul/pull/9024
https://github.com/hashicorp/consul/commit/58387fef0a8240d0457001bb2bac075796775e11