Hashicorp: >> Consul >> 1.6.7 Security Vulnerabilities
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
CVSS Score
8.6
EPSS Score
0.001
Published
2021-01-11
HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-11-23
Page 2