CVE-2020-25864: Cross-site Scripting

April 20, 2021 (updated April 23, 2021)

A vulnerability was identified in Consul and Consul Enterprise such that a specially crafted key-value entry could be used to perform a cross-site scripting (XSS) attack when viewed in Consul KV API’s raw mode.

References

discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368
nvd.nist.gov/vuln/detail/CVE-2020-25864
www.hashicorp.com/blog/category/consul

Detect and mitigate CVE-2020-25864 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →