CVE-2020-7955
Published: 31 January 2020
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.
Priority
Status
Package | Release | Status |
---|---|---|
consul Launchpad, Ubuntu, Debian |
hirsute |
Ignored
(end of life)
|
groovy |
Ignored
(end of life)
|
|
kinetic |
Ignored
(end of life, was needs-triage)
|
|
jammy |
Needs triage
|
|
impish |
Ignored
(end of life)
|
|
lunar |
Does not exist
|
|
bionic |
Needs triage
|
|
eoan |
Ignored
(end of life)
|
|
focal |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Released
(1.7.0+dfsg1-1)
|
|
xenial |
Does not exist
|
|
mantic |
Not vulnerable
(1.10.12+dfsg1-1)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.3 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |