CVE-2020-13250
Published: 11 June 2020
HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4.
Notes
Author | Note |
---|---|
msalvatore | "Introduced in 1.2.0" |
Priority
Status
Package | Release | Status |
---|---|---|
consul Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
eoan |
Not vulnerable
(code not present)
|
|
focal |
Needed
|
|
groovy |
Not vulnerable
(1.7.4+dfsg1-1)
|
|
hirsute |
Not vulnerable
(1.7.4+dfsg1-1)
|
|
impish |
Not vulnerable
(1.7.4+dfsg1-1)
|
|
jammy |
Not vulnerable
(1.7.4+dfsg1-1)
|
|
kinetic |
Not vulnerable
(1.7.4+dfsg1-1)
|
|
lunar |
Does not exist
|
|
mantic |
Not vulnerable
(1.10.12+dfsg1-1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(1.7.4+dfsg1-1)
|
|
xenial |
Does not exist
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |