Unintended Privilege Escalation in HashiCorp Consul Enterprise

Unintended Privilege Escalation in HashiCorp Consul Enterprise

CVE-2021-41805 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace.

Learn more about our Web Application Penetration Testing UK.