CVE-2020-7955
MEDIUM 5.3, EPSS 0.33%
Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul
Published: 7/28/2021, Modified: 4/28/2026
Description
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.
Affected packages (4)
- Bitnami/consul: >= 1.4.1, < 1.6.2
- Debian/consul: from 0, < 1.7.0+dfsg1-1
- Go/github.com/hashicorp/consul: >= 1.4.1, < 1.6.3
- Go/github.com/hashicorp/consul: >= 1.4.1, < 1.6.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
References (6)
- ADVISORY: https://github.com/advisories/GHSA-r9w6-rhh9-7v53
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2020-7955
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2020-7955
- WEB: https://github.com/hashicorp/consul/issues/7160
- WEB: https://www.hashicorp.com/blog/category/consul
- WEB: https://www.hashicorp.com/blog/category/consul/