CVE-2020-25864

Cross-site Scripting in go/github.com/hashicorp/consul/acl

Identifiers

CVE-2020-25864

Package Slug

go/github.com/hashicorp/consul/acl

Vulnerability

Cross-site Scripting

Description

A vulnerability was identified in Consul and Consul Enterprise such that a specially crafted key-value entry could be used to perform a cross-site scripting (XSS) attack when viewed in the Consul KV API's raw mode.

Affected Versions

All versions before 1.7.14, all versions starting from 1.8.0 before 1.8.10, all versions starting from 1.9.0 before 1.9.5

Solution

Upgrade to versions 1.7.14, 1.8.10, 1.9.5 or above.
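
To check a deployed version against the affected ranges listed above, the following added example (not part of the advisory or of Consul's code) encodes those ranges in Go. The function names, the sample version strings and the handling of suffixes such as "+ent" are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// key parses "v1.8.4" or "1.8.4+ent" into one comparable integer.
// Assumption: pre-release/build suffixes are ignored, so "1.9.5-rc1" counts as 1.9.5.
func key(v string) (int, error) {
	v = strings.TrimPrefix(strings.TrimSpace(v), "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return 0, fmt.Errorf("not major.minor.patch: %q", v)
	}
	k := 0
	for _, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 || n > 999 {
			return 0, fmt.Errorf("bad component %q in %q", p, v)
		}
		k = k*1000 + n
	}
	return k, nil
}

// Affected applies the advisory's ranges: <1.7.14, 1.8.0 to <1.8.10, 1.9.0 to <1.9.5.
func Affected(version string) (bool, error) {
	k, err := key(version)
	if err != nil {
		return false, err
	}
	switch {
	case k < 1008000: // 1.7.x and older: fixed in 1.7.14
		return k < 1007014, nil
	case k < 1009000: // 1.8.x: fixed in 1.8.10
		return k < 1008010, nil
	default: // 1.9.x and newer: fixed in 1.9.5
		return k < 1009005, nil
	}
}

func main() {
	// Constructed sample versions, not taken from the advisory.
	for _, v := range []string{"1.6.2", "1.8.9", "1.8.10", "v1.9.4+ent", "1.9.5"} {
		a, err := Affected(v)
		fmt.Println(v, a, err)
	}
}
```

A version string that does not parse returns an error rather than "not affected", so an inventory script does not silently pass unknown builds.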

Last Modified

2021-04-26
