HIGH 8.8 CVE-2021-41805 HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control.
>= 1.7.0, < 1.8.17, >= 1.9.0, < 1.9.11, >= 1.10.0, < 1.10.4
HIGH 8.8 CVE-2021-37219 HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul
from 0, < 1.8.15, >= 1.9.0, < 1.9.9, >= 1.10.0, < 1.10.2
HIGH 8.7 CVE-2023-2816 Consul Envoy Extension Downstream Proxy Configuration By Upstream Service Owner
>= 1.15.0, < 1.15.3
HIGH 8.6 Panic due to improper input validation in github.com/gogo/protobuf
from 0, < 1.8.15, >= 1.9.0, < 1.9.9, >= 1.10.0, < 1.10.2
HIGH 8.3 Consul L7 Intentions Vulnerable To Headers Bypass
>= 1.9.0, < 1.20.1
HIGH 8.1 Consul L7 Intentions Vulnerable To URL Path Bypass
>= 1.9.0, < 1.20.1
HIGH 8.1 Dependency on Vulnerable Third-Party Component in GitLab
from 0, < 0.9.4, >= 1.0.0, < 1.0.8, >= 1.1.0, < 1.1.1, >= 1.2.0, < 1.2.4
HIGH 7.5 HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events.
>= 1.8.0, < 1.8.10, >= 1.9.0, < 1.9.5
HIGH 7.5 Denial of service in HashiCorp Consul in github.com/hashicorp/consul
>= 1.7.0, <= 1.8.4
HIGH 7.5 Consul Peering Imported Nodes/Services Leak
>= 1.13.0, < 1.13.4
HIGH 7.5 Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul
from 0, < 1.9.17, >= 1.10.0, < 1.10.10, >= 1.11.0, < 1.11.5
HIGH 7.5 HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul
>= 1.9.0, < 1.9.8, >= 1.10.0, < 1.10.1
HIGH 7.5 Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul
>= 1.3.0, < 1.8.14, >= 1.9.0, < 1.9.8, >= 1.10.0, < 1.10.1
HIGH 7.5 Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul
>= 1.2.0, < 1.6.6, >= 1.7.0, < 1.7.4
HIGH 7.5 Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul
from 0, < 1.6.2
HIGH 7.4 JWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for Access
>= 1.16.0, < 1.16.1
HIGH 7.1 Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul
>= 1.8.1, < 1.11.9, >= 1.12.4, < 1.12.5, >= 1.13.1, < 1.13.2
MEDIUM 6.8 Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider
from 0, < 1.22.5
MEDIUM 6.5 Consul's KV endpoint is vulnerable to denial of service
from 0, < 1.22.0
MEDIUM 6.5 Consul's event endpoint is vulnerable to denial of service
from 0, < 1.22.0
MEDIUM 6.5 Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul
>= 1.2.0, < 1.6.10, >= 1.7.0, < 1.7.10, >= 1.8.0, < 1.8.6
MEDIUM 6.5 Consul Server Panic when Ingress and API Gateways Configured with Peering
from 0, < 1.14.5
MEDIUM 6.5 HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul
from 0, < 1.11.9, >= 1.12.0, < 1.12.5, >= 1.13.0, < 1.13.2
MEDIUM 6.5 HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul
>= 1.8.0, < 1.9.15, >= 1.10.0, < 1.10.8, >= 1.11.0, < 1.11.3
MEDIUM 6.5 HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul
from 0, < 1.8.15, >= 1.9.0, < 1.9.9, >= 1.10.0, < 1.10.2
MEDIUM 6.1 Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation
>= 1.4.1, < 1.20.0
MEDIUM 6.1 HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul
from 0, < 1.7.14, >= 1.8.0, < 1.8.10, >= 1.9.0, < 1.9.5
MEDIUM 5.3 Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul
>= 1.6.0, < 1.6.6, >= 1.7.0, < 1.7.4
MEDIUM 5.3 Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul
>= 1.4.1, < 1.6.2
MEDIUM 5.3 Incorrect Permission Assignment for Critical Resource in Hashicorp Consul in github.com/hashicorp/consul
>= 1.4.0, < 1.6.7, >= 1.7.0, < 1.7.4
MEDIUM 5.3 Improper Input Validation in HashiCorp Consul in github.com/hashicorp/consul
>= 1.4.0, < 1.6.6, >= 1.7.0, < 1.7.4
MEDIUM 4.9 Consul Cluster Peering can Result in Denial of Service
>= 1.13.0, < 1.14.7, >= 1.15.0, < 1.15.3
MEDIUM 4.7 Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack
>= 0.1.0, < 0.42.0