Shodan
Vulnerabilities
Vulnerable Software
Hashicorp:  >> Consul  >> 0.12.0  Security Vulnerabilities
CVE-2023-0845
Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.
CVSS Score
4.9
EPSS Score
0.003
Published
2023-03-09
CVE-2022-40716
HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."
CVSS Score
6.5
EPSS Score
0.002
Published
2022-09-23
CVE-2022-29153
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.
CVSS Score
7.5
EPSS Score
0.884
Published
2022-04-19
CVE-2021-37219
HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.
CVSS Score
8.8
EPSS Score
0.025
Published
2021-09-07
CVE-2021-38698
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.
CVSS Score
6.5
EPSS Score
0.004
Published
2021-09-07
CVE-2020-25864
HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14.
CVSS Score
6.1
EPSS Score
0.846
Published
2021-04-20
CVE-2021-3121
An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
CVSS Score
8.6
EPSS Score
0.001
Published
2021-01-11
CVE-2020-7219
HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.
CVSS Score
7.5
EPSS Score
0.014
Published
2020-01-31
CVE-2018-19653
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
CVSS Score
5.9
EPSS Score
0.004
Published
2018-12-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved