
CVE-2021-41805

Published: 12/12/2021 Updated: 31/03/2022
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 580
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

HashiCorp Consul Enterprise prior to 1.8.17, 1.9.x prior to 1.9.11, and 1.10.x prior to 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace.

Vulnerable Product

hashicorp consul

Vendor Advisories

A vulnerability was identified in Consul Enterprise before version 1.10.4 such that an ACL token with the default operator:write permissions in one namespace may be used to escalate privileges into any other permissions across all namespaces ...

Github Repositories

HashiCorp Consul exploit with python. (CVE-2021-41805)

CVE-2021-41805 Hashicorp Consul RCE via API. HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace. Summary CVE_ID : CVE-2021-41805 Base Score :
