CVE-2021-41805
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/12/2021
Last modified:
31/03/2022
Description
HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:* | 1.7.0 (including) | 1.8.17 (excluding) |
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:* | 1.9.0 (including) | 1.9.11 (excluding) |
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:* | 1.10.0 (including) | 1.10.4 (excluding) |
To consult the complete list of CPE names with products and versions, see this page