CVE Vulnerability

CVE-2020-12797

HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/hashicorp/consul/pull/8047 Patch Third Party Advisory
https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md Release Notes Third Party Advisory
https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md Release Notes Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:*
Information

Published : 2020-06-11 08:15

Updated : 2021-07-21 11:39

NVD link : CVE-2020-12797

Mitre link : CVE-2020-12797

Products Affected

Consul

Hashicorp

CWE
NVD-CWE-noinfo