Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Consul
(Hashicorp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 33 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-10-30 | CVE-2024-10005 | A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules. | Consul | 5.8 | ||
| 2024-10-30 | CVE-2024-10006 | A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules. | Consul | 5.8 | ||
| 2024-10-30 | CVE-2024-10086 | A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS. | Consul | 6.1 | ||
| 2020-01-31 | CVE-2020-7219 | HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3. | Consul | 7.5 | ||
| 2020-01-31 | CVE-2020-7955 | HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3. | Consul | 5.3 | ||
| 2020-06-11 | CVE-2020-12758 | HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4. | Consul | 7.5 |