Legacy ACL Token Rule Propagation Failure in HashiCorp Consul and Consul Enterprise

Legacy ACL Token Rule Propagation Failure in HashiCorp Consul and Consul Enterprise

CVE-2020-12797 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.

Learn more about our Web Application Penetration Testing UK.