consul - Arch Linux
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2171 | 1.9.7-1 | | Medium | Vulnerable | |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-36213 | AVG-2171 | Medium | Yes | Access restriction bypass | In HashiCorp Consul before version 1.9.8, xds can generate a situation where a single L7 deny intention (with a default deny policy) results in an allow action. |
| CVE-2021-32574 | AVG-2171 | Low | Yes | Certificate verification bypass | HashiCorp Consul before version 1.9.8 does not validate SSL certificates correctly: xds does not ensure that the Subject Alternative Name of an upstream is... |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1830 | 1.9.4-1 | | Medium | Not affected | |
| AVG-1829 | 1.9.4-1 | 1.9.5-1 | Medium | Fixed | |
| AVG-1295 | 1.7.0-1 | 1.8.4-1 | Medium | Not affected | |
| AVG-1294 | 1.7.4-1 | 1.9.1-1 | Medium | Fixed | FS#68723 |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-28156 | AVG-1830 | Medium | Yes | Access restriction bypass | A vulnerability was identified in Consul Enterprise version 1.8.0 up to version 1.9.4 where a crafted endpoint URL could be used to bypass the audit log.... |
| CVE-2020-28053 | AVG-1294 | Medium | Yes | Privilege escalation | HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key... |
| CVE-2020-25864 | AVG-1829 | Medium | Yes | Cross-site scripting | A vulnerability was identified in Consul and Consul Enterprise ("Consul") up to version 1.9.4 where a specially crafted KV entry could be used to perform a... |
| CVE-2020-25201 | AVG-1295 | Medium | Yes | Denial of service | HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 allowed operators with service:write ACL permissions to write a malicious config entry that causes... |