Inconsistent ACL Enforcement in HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2

Inconsistent ACL Enforcement in HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2

CVE-2020-7955 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.

Learn more about our Api Penetration Testing.