logo

Database

Authentication mechanism absence or evasion In github.com/hashicorp/consul

Description

Incorrect Authorization in HashiCorp Consul HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2020-79552. NVD-2020-79553. OSV-2020-79554. OSV-DEBIAN-2020-79555. GCVE-2020-79556. SECURITY-TRACKER-CVE-2020-7955

References

1. https://github.com/hashicorp/consul/issues/71602. https://www.hashicorp.com/blog/category/consul3. https://www.hashicorp.com/blog/category/consul/

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.