Multiple Vulnerabilities on HashiCorp Consul

Overview :
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 Information Disclosure and DDoS Vulnerabilities
Affected Product(s) :

This vulnerability affects the following version of HashCorp Consul

  • HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2
Vulnerability Details :
CVE ID : CVE-2020-7955 CVE-2020-7219
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure.

HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service

Solution :

Fixed in 1.6.3.

 

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-53490 : CLOUDFAVORITES FAVORITES-WEB 1.3.0 SECURITYFILTER.JAVA PATH TRAVERSAL

CVE-2024-53490 : CLOUDFAVORITES FAVORITES-WEB 1.3.0 SECURITYFILTER.JAVA PATH TRAVERSAL

Description Favorites-web 1.3.0 favorites-web has a directory traversal vulnerability in SecurityFilter.java. References https://github.com/DYX217/directory-traversal For More Information CVERecord

CVE-2024-54679 : CYBERPANEL RESTARTMYSQL DENIAL OF SERVICE

CVE-2024-54679 : CYBERPANEL RESTARTMYSQL DENIAL OF SERVICE

Description CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions. References https://github.com/usmannasir/cyberpanel/commit/6778ad1eaae41f72365da8fd021f9a60369600dc For More

CVE-2024-38829 : VMWARE SPRING LDAP UP TO 2.4.3/3.0.9/3.1.7/3.2.7 STRING.TOLOWERCASE/STRING.TOUPPERCASE CASE SENSITIVITY

CVE-2024-38829 : VMWARE SPRING LDAP UP TO 2.4.3/3.0.9/3.1.7/3.2.7 STRING.TOLOWERCASE/STRING.TOUPPERCASE CASE SENSITIVITY

Description A vulnerability in VMware Tanzu Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: