ID CVE-2021-41805
Summary HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace.
References
Vulnerable Configurations
  • cpe:2.3:a:hashicorp:consul:1.7.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.7.1:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.7.2:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.7.3:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.7.4:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.7.5:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.7.6:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.7.7:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.7.8:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.7.9:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.7.10:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.7.11:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.7.12:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.7.13:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.7.14:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.8.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.8.1:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.8.2:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.8.3:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.8.4:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.8.5:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.8.6:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.8.7:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.8.8:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.8.9:-:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.8.9:beta1:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.8.10:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.8.14:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.8.15:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.8.16:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.9.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.9.1:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.9.2:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.9.3:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.9.4:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.9.5:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.9.6:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.9.7:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.9.8:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.9.9:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.9.10:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.10.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.10.1:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.10.2:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.10.3:*:*:*:enterprise:*:*:*
CVSS
Base: 6.5 (as of 31-03-2022 - 16:31)
Impact:
Exploitability:
CWE CWE-863
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
Last major update 31-03-2022 - 16:31
Published 12-12-2021 - 05:15
Last modified 31-03-2022 - 16:31