Identifier

CVE-2020-12797

Package Slug

go/github.com/hashicorp/consul/agent/consul/fsm

Vulnerability

Incorrect Permission Assignment for Critical Resource

Description

HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers.

Affected Versions

All versions starting from 1.4.0 up to 1.6.6, all versions starting from 1.7.0 before 1.7.4

Solution

Upgrade to versions 1.7.0-beta1, 1.7.4 or above.

Last Modified

2020-06-18

source