Multiple Vulnerabilities on HashiCorp Consul

Overview :
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 Information Disclosure and DDoS Vulnerabilities
Affected Product(s) :

This vulnerability affects the following version of HashCorp Consul

  • HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2
Vulnerability Details :
CVE ID : CVE-2020-7955 CVE-2020-7219
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure.

HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service

Solution :

Fixed in 1.6.3.

 

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-37708 : DOCKER 20.10.15 BUILD FD82621 PERMISSION

CVE-2022-37708 : DOCKER 20.10.15 BUILD FD82621 PERMISSION

Description Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker container can access any

CVE-2023-0240 : LINUX KERNEL UP TO 5.10.160 IO_URING IO_PREP_ASYNC_WORK USE AFTER FREE

CVE-2023-0240 : LINUX KERNEL UP TO 5.10.160 IO_URING IO_PREP_ASYNC_WORK USE AFTER FREE

Description There is a logic error in io_uring’s implementation which can be used to trigger a use-after-free vulnerability leading to

CVE-2023-0556 : CONTENTSTUDIO PLUGIN UP TO 1.2.5 ON WORDPRESS CSTU_GET_METADATA AUTHORIZATION

CVE-2023-0556 : CONTENTSTUDIO PLUGIN UP TO 1.2.5 ON WORDPRESS CSTU_GET_METADATA AUTHORIZATION

Description The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions