Hashicorp: >> Consul >> 1.8.5 Security Vulnerabilities
HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14.
CVSS Score
6.1
EPSS Score
0.747
Published
2021-04-20
HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10.
CVSS Score
7.5
EPSS Score
0.007
Published
2021-04-20
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
CVSS Score
8.6
EPSS Score
0.001
Published
2021-01-11
HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-11-23
Page 2