CVE-2020-12797
Published 2020-06-11
CVE-2020-12797: HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in…
Priority P426 · medium · 5.3 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 1.55% (72.0th percentile)
HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | consul | < consul 1.7.4+dfsg1-1 (bullseye) | consul 1.7.4+dfsg1-1 (bullseye) |
| github.com | hashicorp_consul | >= 1.6.0 < 1.6.6 | 1.6.6 |
| github.com | hashicorp_consul | >= 1.7.0 < 1.7.4 | 1.7.4 |
| hashicorp | consul | >= 0 < 1.7.4+dfsg1-1 | 1.7.4+dfsg1-1 |
| hashicorp | consul | >= 1.4.0 < 1.6.6 | 1.6.6 |
| hashicorp | consul | 1.4.0 – 1.6.6 | — |
| hashicorp | consul | >= 1.7.0 < 1.7.4 | 1.7.4 |
CVSS provenance
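| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| osv | — | 5.3 | MEDIUM | — |
| vendor_debian | — | 5.3 | MEDIUM | — |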
OSV
Incorrect Permission Assignment for Critical Resource in Hashicorp Consul in github.com/hashicorp/consul
osv·2024-08-21
CVE-2020-12797 Incorrect Permission Assignment for Critical Resource in Hashicorp Consul in github.com/hashicorp/consul
OSV
Incorrect Permission Assignment for Critical Resource in Hashicorp Consul
osv·2021-06-23
CVE-2020-12797 [MEDIUM] Incorrect Permission Assignment for Critical Resource in Hashicorp Consul
HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.
### Specific Go Packages Affected
github.com/hashicorp/consul/agent/structs
GHSA
Incorrect Permission Assignment for Critical Resource in Hashicorp Consul
ghsa·2021-06-23
CVE-2020-12797 [MEDIUM] CWE-732 Incorrect Permission Assignment for Critical Resource in Hashicorp Consul
HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.
### Specific Go Packages Affected
github.com/hashicorp/consul/agent/structs
OSV
CVE-2020-12797: HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers
osv·2020-06-11·CVSS 5.3
CVE-2020-12797 [MEDIUM] CVE-2020-12797: HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers
HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.
Debian
CVE-2020-12797: consul - HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL t...
vendor_debian·2020·CVSS 5.3
CVE-2020-12797 [MEDIUM] CVE-2020-12797: consul - HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL t...
HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.
Scope: local
bullseye: resolved (fixed in 1.7.4+dfsg1-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
https://github.com/hashicorp/consul/pull/8047
2020-06-11
Published