BIT-consul-2020-13250

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/consul/BIT-consul-2020-13250.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-consul-2020-13250

Aliases

CVE-2020-13250
GHSA-rqjq-mrgx-85hp
GO-2022-0879

Published

2024-03-06T10:54:43.689Z

Modified

2024-08-21T15:58:49.598835Z

Summary

[none]

Details

HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4.

Database specific

{
    "cpes": [
        "cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*"
    ],
    "severity": "High"
}

References

https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
https://github.com/hashicorp/consul/pull/8023

Affected packages

Bitnami / consul

Package

Name: consul
Purl: pkg:bitnami/consul

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

1.2.0

Fixed

1.6.6

Introduced

1.7.0

Fixed

1.7.4