CVE-2020-25864
go/github.com/hashicorp/consul/acl
Cross-site Scripting
A vulnerability was identified in Consul and Consul Enterprise such that a specially crafted key-value entry could be used to perform a cross-site scripting (XSS) attack when viewed in Consul KV API’s raw mode.
All versions before 1.7.14, all versions starting from 1.8.0 before 1.8.10, all versions starting from 1.9.0 before 1.9.5
Upgrade to versions 1.7.14, 1.8.10, 1.9.5 or above.
2021-04-26
source |