GHSA-6m72-467w-94rh, CVE-2020-28053
go/github.com/hashicorp/consul
Incorrect Authorization
HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.
All versions starting from 1.2.0 before 1.6.10, all versions starting from 1.7.0 before 1.7.10, all versions starting from 1.8.0 before 1.8.6
Upgrade to versions 1.6.10, 1.7.10, 1.8.6 or above.
2024-02-01
source |