UBUNTU-CVE-2020-7955

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-7955

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-7955.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-7955

Upstream

CVE-2020-7955

Published

2020-01-31T13:15:00Z

Modified

2025-10-24T04:48:19Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Ubuntu - low

Summary

[none]

Details

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.

References

Affected packages

Ubuntu:18.04:LTS / consul

Package

Name: consul
Purl: pkg:deb/ubuntu/consul@0.6.4~dfsg-3?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.6.4~dfsg-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "consul",
            "binary_version": "0.6.4~dfsg-3"
        },
        {
            "binary_name": "golang-github-hashicorp-consul-dev",
            "binary_version": "0.6.4~dfsg-3"
        }
    ]
}

Ubuntu:20.04:LTS / consul

Package

Name: consul
Purl: pkg:deb/ubuntu/consul@1.5.2+dfsg2-14?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.7~dfsg1-5ubuntu1

1.4.4~dfsg1-2ubuntu2

1.5.2+dfsg1-6

1.5.2+dfsg1-10

1.5.2+dfsg1-12

1.5.2+dfsg2-14

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "consul",
            "binary_version": "1.5.2+dfsg2-14"
        },
        {
            "binary_name": "golang-github-hashicorp-consul-dev",
            "binary_version": "1.5.2+dfsg2-14"
        }
    ]
}

Ubuntu:22.04:LTS / consul

Package

Name: consul
Purl: pkg:deb/ubuntu/consul@1.8.7+dfsg1-3?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7.4+dfsg1-1

1.8.7+dfsg1-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "consul",
            "binary_version": "1.8.7+dfsg1-3"
        },
        {
            "binary_name": "golang-github-hashicorp-consul-dev",
            "binary_version": "1.8.7+dfsg1-3"
        }
    ]
}