Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-13250

HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4.

Published

2020-06-11T20:15:11.477

Last Modified

2024-11-21T05:00:52.783

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-770

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hashicorp	consul	< 1.6.6	Yes
Application	hashicorp	consul	< 1.6.6	Yes
Application	hashicorp	consul	< 1.7.4	Yes
Application	hashicorp	consul	< 1.7.4	Yes

References

https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md Release Notes, Third Party Advisory ([email protected])
https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md Release Notes, Third Party Advisory ([email protected])
https://github.com/hashicorp/consul/pull/8023 Patch, Third Party Advisory ([email protected])
https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/hashicorp/consul/pull/8023 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)