Note:
This project will be discontinued after December 13, 2021. [more]
2020-01-31
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.
| Products | Consul |
| Type | Information Exposure (CWE-200) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://github.com/hashicorp/consul/issues/7160
• https://www.hashicorp.com/blog/category/consul/ |