HashiCorp Consul 1.7.6 Security Vulnerabilities
HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14.
CVSS Score: 6.1 | EPSS Score: 0.851 | Published: 2021-04-20
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
CVSS Score: 8.6 | EPSS Score: 0.001 | Published: 2021-01-11
HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2020-11-23
HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.
CVSS Score: 7.5 | EPSS Score: 0.015 | Published: 2020-11-04