CVE-2019-8336
Published 2019-03-05
Priority: P3 · 46 · high · 8.1 (CVSS 3.0)
AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.25% (65.7th percentile)
HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "" as its secret is used in unusual circumstances.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | consul | — | — |
| github.com | hashicorp_consul | >= 1.4.0 < 1.4.3 | 1.4.3 |
| hashicorp | consul | >= 1.4.0 < 1.4.3 | 1.4.3 |
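CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_debian | — | 8.1 | LOW | — |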
OSV
HashiCorp Consul Access Restriction Bypass in github.com/hashicorp/consul
osv·2024-08-20
CVE-2019-8336 HashiCorp Consul Access Restriction Bypass in github.com/hashicorp/consul
GHSA
HashiCorp Consul Access Restriction Bypass
ghsa·2022-05-13
CVE-2019-8336 [HIGH] CWE-284 HashiCorp Consul Access Restriction Bypass
OSV
HashiCorp Consul Access Restriction Bypass
osv·2022-05-13
CVE-2019-8336 [HIGH] HashiCorp Consul Access Restriction Bypass
Debian
CVE-2019-8336: consul - HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to b...
vendor_debian·2019·CVSS 8.1
CVE-2019-8336 [HIGH] CVE-2019-8336: consul - HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to b...
Scope: local
bullseye: resolved
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-03-05