Identifier

CVE-2020-13170

Package Slug

go/github.com/hashicorp/consul/agent

Vulnerability

Improper Input Validation

Description

HashiCorp Consul and Consul Enterprise do not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled.

Affected Versions

All versions starting from 1.4.0 before 1.6.6, all versions starting from 1.7.0 before 1.7.4

Solution

Upgrade to versions 1.6.6, 1.7.4 or above.

Last Modified

2020-06-19

source