| Max CVSS | 5.0 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-28053 | 4.0 |
HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.
|
25-10-2022 - 20:43 | 23-11-2020 - 14:15 | |
| CVE-2020-25201 | 5.0 |
HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.
|
25-10-2022 - 20:43 | 04-11-2020 - 23:15 | |
| CVE-2020-7955 | 5.0 |
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.
|
21-07-2021 - 11:39 | 31-01-2020 - 13:15 | |
| CVE-2020-7219 | 5.0 |
HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.
|
21-07-2021 - 11:39 | 31-01-2020 - 13:15 |