Vulnerabilities > Hashicorp > Consul
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-11 | CVE-2021-3121 | Improper Validation of Array Index vulnerability in multiple products An issue was discovered in GoGo Protobuf before 1.3.2. | 8.6 |
| 2020-11-23 | CVE-2020-28053 | Incorrect Authorization vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. | 6.5 |
| 2020-11-04 | CVE-2020-25201 | Unspecified vulnerability in Hashicorp Consul HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. | 7.5 |
| 2020-06-11 | CVE-2020-13250 | Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. | 7.5 |
| 2020-06-11 | CVE-2020-13170 | Improper Input Validation vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. | 7.5 |
| 2020-06-11 | CVE-2020-12797 | Unspecified vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. | 5.3 |
| 2020-06-11 | CVE-2020-12758 | Improper Resource Shutdown or Release vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. | 7.5 |
| 2020-01-31 | CVE-2020-7955 | Incorrect Authorization vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. | 5.3 |
| 2020-01-31 | CVE-2020-7219 | Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. | 7.5 |
| 2019-06-06 | CVE-2019-12291 | Unspecified vulnerability in Hashicorp Consul HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. | 7.5 |