HashiCorp Consul 0.9.0

CPE Details

HashiCorp Consul 0.9.0
hashicorp
consul
0.9.0
2021-02-09
16h57 +00:00
2021-02-09
16h57 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:hashicorp:consul:0.9.0:-:*:*:-:*:*:*

Informations

Vendor

hashicorp

Product

consul

Version

0.9.0

Update

-

Software Edition

-

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-5332 2023-12-04 06h30 +00:00 Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.
8.1
Haute
CVE-2023-0845 2023-03-09 15h14 +00:00 Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.
6.5
Moyen
CVE-2022-40716 2022-09-22 22h00 +00:00 HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."
6.5
Moyen
CVE-2022-29153 2022-04-18 22h00 +00:00 HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.
7.5
Haute
CVE-2021-38698 2021-09-07 09h45 +00:00 HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.
6.5
Moyen
CVE-2021-37219 2021-09-07 09h33 +00:00 HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.
8.8
Haute
CVE-2020-25864 2021-04-20 11h07 +00:00 HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14.
6.1
Moyen
CVE-2021-3121 2021-01-11 04h57 +00:00 An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
8.6
Haute
CVE-2020-7219 2020-01-31 11h39 +00:00 HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.
7.5
Haute
CVE-2018-19653 2018-12-09 18h00 +00:00 HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
5.9
Moyen