Multiple Vulnerabilities on HashiCorp Consul

Overview :

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 Information Disclosure and DDoS Vulnerabilities

Affected Product(s) :

This vulnerability affects the following version of HashCorp Consul

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2

Vulnerability Details :

CVE ID :

CVE-2020-7955 CVE-2020-7219

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure.

HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service

Solution :

Fixed in 1.6.3.

Contact us to get started

CVE-2022-30049 : SSRF Vulnerability

Description A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet

Learn more

CVE-2022-24878 : Improper Path Handling In Kustomization Files Allows For Denial Of Service

Description The kustomize-controller enables the use of Kustomize’s functionality when applying Kubernetes declarative state onto a cluster. A malicious user

Learn more

Latest Spring Vulnerabilities Exploitation – CVE-2022-22965

Are you having a Spring MVC or Spring WebFlux application running on JDK version 9 or higher? Then ensure that

Learn more

Multiple Vulnerabilities on HashiCorp Consul

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-30049 : SSRF Vulnerability

CVE-2022-24878 : Improper Path Handling In Kustomization Files Allows For Denial Of Service

Latest Spring Vulnerabilities Exploitation – CVE-2022-22965