CVE-2020-7955
Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul
CVSS 3.1: 5.3 (MEDIUM)
EPSS: 0.33%
Description
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.
How to fix CVE-2020-7955
To remediate CVE-2020-7955, upgrade the affected package to one of the fixed versions listed below.
- Bitnami/consul—upgrade to 1.6.2 or later
- —upgrade to 1.7.0+dfsg1-1 or later
- —upgrade to 1.6.3 or later
- —upgrade to 1.6.3 or later
Is CVE-2020-7955 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- >= 1.4.1, < 1.6.2
- from 0, < 1.7.0+dfsg1-1
- >= 1.4.1, < 1.6.3
- >= 1.4.1, < 1.6.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |