Github.Com Hashicorp Consul vulnerabilities
32 known vulnerabilities affecting github.com/hashicorp_consul.
Total CVEs
32
CISA KEV
0
Public exploits
2
Exploited in wild
1
Severity breakdown
HIGH15MEDIUM17
Vulnerabilities
Page 1 of 2
CVE-2022-29153P1HIGHCVSS 7.5ExploitedPoC≥ 0, < 1.9.17≥ 1.10.0, < 1.10.10+1 more2022-04-20
CVE-2022-29153 [HIGH] CWE-918 Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector
Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that HTTP health check endpoints returning an HTTP redirect may be abused as a vector for server-side request forgery (SSRF). This vulnerability, CVE-2022-29153, was fixed in Consul 1.9.17
ghsaosv
CVE-2020-25864P3MEDIUMPoC≥ 1.9.0, < 1.9.5≥ 1.8.0, < 1.8.10+1 more2022-05-24
CVE-2020-25864 [MEDIUM] CWE-79 HashiCorp Consul Cross-site Scripting vulnerability
HashiCorp Consul Cross-site Scripting vulnerability
HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14.
ghsaosv
CVE-2021-37219P3HIGH≥ 1.10.1, < 1.10.2≥ 1.9.0, < 1.9.9+1 more2021-09-08
CVE-2021-37219 [HIGH] CWE-295 HashiCorp Consul Privilege Escalation Vulnerability
HashiCorp Consul Privilege Escalation Vulnerability
HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.
ghsaosv
CVE-2019-8336P3HIGH≥ 1.4.0, < 1.4.32022-05-13
CVE-2019-8336 [HIGH] CWE-284 HashiCorp Consul Access Restriction Bypass
HashiCorp Consul Access Restriction Bypass
HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "" as its secret is used in unusual circumstances.
ghsaosv
CVE-2023-3518P3HIGHCVSS 7.3≥ 1.16.0, < 1.16.12023-08-09
CVE-2023-3518 [HIGH] CWE-266 Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers
Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers
A vulnerability was identified in Consul such that using JWT authentication for service mesh incorrectly allows/denies access regardless of service identities. This vulnerability, CVE-2023-3518, affects Consul 1.16.0 and was fixed in 1.16.1.
ghsaosv
CVE-2026-2808P3MEDIUMCVSS 6.8≥ 0, < 1.18.21≥ 1.22.0-rc1, < 1.22.5+1 more2026-03-12
CVE-2026-2808 [MEDIUM] CWE-59 Consul is vulnerable to arbitrary file read when configured with Kubernetes authentication
Consul is vulnerable to arbitrary file read when configured with Kubernetes authentication
HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.
ghsaosv
CVE-2021-36213P3HIGH≥ 0, < 1.10.12021-07-19
CVE-2021-36213 [HIGH] HashiCorp Consul L7 deny intention results in an allow action
HashiCorp Consul L7 deny intention results in an allow action
In HashiCorp Consul before 1.10.1 (and Consul Enterprise), xds can generate a situation where a single L7 deny intention (with a default deny policy) results in an allow action.
ghsaosv
CVE-2021-32574P3HIGH≥ 0, < 1.10.12021-07-19
CVE-2021-32574 [HIGH] CWE-295 Hashicorp Consul Missing SSL Certificate Validation
Hashicorp Consul Missing SSL Certificate Validation
HashiCorp Consul before 1.10.1 (and Consul Enterprise) has Missing SSL Certificate Validation. xds does not ensure that the Subject Alternative Name of an upstream is validated.
ghsaosv
CVE-2019-12291P3HIGH≥ 1.4.0, < 1.5.12023-06-09
CVE-2019-12291 [HIGH] CWE-284 HashiCorp Consul Incorrect Access Control vulnerability
HashiCorp Consul Incorrect Access Control vulnerability
HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured.
### Specific Go Packages Affected
github.com/hashicorp/consul/acl
ghsaosv
CVE-2025-11375P3MEDIUMCVSS 6.5≥ 0, < 1.22.02025-10-28
CVE-2025-11375 [MEDIUM] CWE-770 Consul event endpoint is vulnerable to denial of service
Consul event endpoint is vulnerable to denial of service
Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.
ghsaosv
CVE-2025-11374P3MEDIUMCVSS 6.5≥ 0, < 1.22.02025-10-28
CVE-2025-11374 [MEDIUM] CWE-770 Consul key/value endpoint is vulnerable to denial of service
Consul key/value endpoint is vulnerable to denial of service
Consul and Consul Enterprise’s (“Consul”) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.
ghsaosv
CVE-2020-13170P3MEDIUM≥ 1.6.0-beta1, < 1.6.6≥ 1.7.0, < 1.7.42021-05-18
CVE-2020-13170 [MEDIUM] CWE-20 Improper Input Validation in HashiCorp Consul
Improper Input Validation in HashiCorp Consul
HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.
### Specific Go Packages Affected
github.com/hashicorp/consul/agent
ghsaosv
CVE-2022-3920P3HIGH≥ 1.13.0, < 1.14.02022-11-16
CVE-2022-3920 [HIGH] CWE-862 Missing Authorization in HashiCorp Consul
Missing Authorization in HashiCorp Consul
HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.
ghsaosv
CVE-2020-13250P3HIGH≥ 1.2.0, < 1.6.6≥ 1.7.0, < 1.7.42021-05-18
CVE-2020-13250 [HIGH] CWE-770 Allocation of Resources Without Limits or Throttling in Hashicorp Consul
Allocation of Resources Without Limits or Throttling in Hashicorp Consul
HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service.
### Specific Go Packages Affected
github.com/hashicorp/consul/agent/config
### Fix
The vulnerability is fixed in versions 1.6.6 and 1.7.4.
ghsaosv
CVE-2020-7219P3HIGH≥ 0, < 1.6.32021-05-18
CVE-2020-7219 [HIGH] CWE-400 Denial of Service (DoS) in HashiCorp Consul
Denial of Service (DoS) in HashiCorp Consul
HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.
### Specific Go Packages Affected
github.com/hashicorp/consul/agent/consul
ghsaosv
CVE-2020-12758P3MEDIUM≥ 1.6.0-beta1, < 1.6.6≥ 1.7.0, < 1.7.42022-02-15
CVE-2020-12758 [MEDIUM] CWE-400 Denial of Service (DoS) in HashiCorp Consul
Denial of Service (DoS) in HashiCorp Consul
HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4.
### Specific Go Packages Affected
github.com/hashicorp/consul/agent/consul/discoverychain
ghsaosv
CVE-2022-40716P3MEDIUM≥ 0, < 1.11.9≥ 1.12.0, < 1.12.5+1 more2022-09-25
CVE-2022-40716 [MEDIUM] CWE-252 HashiCorp Consul vulnerable to authorization bypass
HashiCorp Consul vulnerable to authorization bypass
HashiCorp Consul and Consul Enterprise versions prior to 1.11.9, 1.12.5, and 1.13.2 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. A specially crafted CSR sent directly to Consul’s internal server agent RPC endpoint can include multiple SAN URI values with
ghsaosv
CVE-2023-2816P3HIGH≥ 1.15.0, < 1.15.32023-06-03
CVE-2023-2816 [HIGH] CWE-266 Hashicorp Consul allows user with service:write permissions to patch remote proxy instances
Hashicorp Consul allows user with service:write permissions to patch remote proxy instances
Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding
ghsaosv
CVE-2020-25201P3HIGH≥ 1.7.0, < 1.7.9≥ 1.8.0, < 1.8.52024-01-31
CVE-2020-25201 [HIGH] CWE-400 Denial of service in HashiCorp Consul
Denial of service in HashiCorp Consul
HashiCorp Consul Enterprise versions 1.7.0 up to 1.7.8 and 1.8.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.
ghsaosv
CVE-2021-38698P3MEDIUM≥ 1.10.1, < 1.10.2≥ 1.9.0, < 1.9.9+1 more2021-09-08
CVE-2021-38698 [MEDIUM] CWE-862 HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service tr
ghsaosv
1 / 2Next →