Candidate: CVE-2020-13170
PublicDate: 2020-06-11 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13170
 https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
 https://github.com/hashicorp/consul/pull/8068
 https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
Description:
 HashiCorp Consul and Consul Enterprise did not appropriately enforce scope
 for local tokens issued by a primary data center, where replication to a
 secondary data center was not enabled. Introduced in 1.4.0, fixed in 1.6.6
 and 1.7.4.
Ubuntu-Description:
Notes:
 msalvatore> "Introduced in 1.4.0"
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_consul:
upstream_consul: released (1.7.4+dfsg1-1)
precise/esm_consul: DNE
trusty_consul: ignored (out of standard support)
trusty/esm_consul: DNE
xenial_consul: DNE
bionic_consul: not-affected (code not present)
eoan_consul: not-affected (code not present)
focal_consul: needed
groovy_consul: not-affected (1.7.4+dfsg1-1)
hirsute_consul: not-affected (1.7.4+dfsg1-1)
impish_consul: not-affected (1.7.4+dfsg1-1)
jammy_consul: not-affected (1.7.4+dfsg1-1)
devel_consul: not-affected (1.7.4+dfsg1-1)