Hashicorp: >> Consul >> 0.9.0-rc1 Security Vulnerabilities
HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.
CVSS Score
7.5
EPSS Score
0.014
Published
2020-01-31
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
CVSS Score
5.9
EPSS Score
0.004
Published
2018-12-09