Vulnerabilities > Hashicorp > Consul > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-20 | CVE-2021-28156 | Unspecified vulnerability in Hashicorp Consul HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. | 7.5 |
| 2021-01-11 | CVE-2021-3121 | Improper Validation of Array Index vulnerability in multiple products An issue was discovered in GoGo Protobuf before 1.3.2. | 8.6 |
| 2020-11-04 | CVE-2020-25201 | Unspecified vulnerability in Hashicorp Consul HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. | 7.5 |
| 2020-06-11 | CVE-2020-13250 | Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. | 7.5 |
| 2020-06-11 | CVE-2020-13170 | Improper Input Validation vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. | 7.5 |
| 2020-06-11 | CVE-2020-12758 | Improper Resource Shutdown or Release vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. | 7.5 |
| 2020-01-31 | CVE-2020-7219 | Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. | 7.5 |
| 2019-06-06 | CVE-2019-12291 | Unspecified vulnerability in Hashicorp Consul HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. | 7.5 |
| 2019-03-26 | CVE-2019-9764 | Origin Validation Error vulnerability in Hashicorp Consul 1.4.3 HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. | 7.4 |
| 2019-03-05 | CVE-2019-8336 | Unspecified vulnerability in Hashicorp Consul 1.4.0/1.4.1/1.4.2 HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "<hidden>" as its secret is used in unusual circumstances. | 8.1 |