Lucene search
Veracode Vulnerability DatabaseVERACODE:33297HistoryDec 13, 2021 - 9:27 a.m.
Privilege Escalation
2021-12-1309:27:07
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.002 Low
EPSS
Percentile
53.3%
github.com/hashicorp/consul is vulnerable to privilege escalation. The vulnerability exists because ACL tokens in one namespace can be used to bypass security restrictions in a different namespace when they contain default operator:write permissions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/hashicorp/consul | le | v1.11.6 | |
| github.com/hashicorp/consul | le | v1.11.6 |
References
discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871
github.com/hashicorp/consul/commit/b50ef696c67117af8cbd32c854aa04c334273dab
github.com/hashicorp/consul/pull/11812
security.netapp.com/advisory/ntap-20211229-0007/
www.hashicorp.com/blog/category/consul
Related
nessus
nessus
Photon OS 3.0: Consul PHSA-2021-3.0-0346
2022-01-10 00:00:00
osv
osv
CVE-2021-41805
2021-12-12 05:15:07
BIT-consul-2021-41805
2024-03-06 10:52:33
githubexploit
githubexploit
Exploit for Incorrect Authorization in Hashicorp Consul
2022-12-07 10:50:17
Exploit for Incorrect Authorization in Hashicorp Consul
2022-12-07 10:50:17
cvelist
cvelist
CVE-2021-41805
2021-12-12 04:51:21
prion
prion
Privilege escalation
2021-12-12 05:15:00
ubuntucve
ubuntucve
CVE-2021-41805
2021-12-12 00:00:00
nvd
nvd
CVE-2021-41805
2021-12-12 05:15:07
debiancve
debiancve
CVE-2021-41805
2021-12-12 05:15:07
cve
cve
CVE-2021-41805
2021-12-12 05:15:07
photon
photon
Important Photon OS Security Update - PHSA-2022-0143
2022-01-12 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0143
2022-01-10 00:00:00