HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "<hidden>" as its secret is used in unusual circumstances.
References
Link | Resource |
---|---|
https://github.com/hashicorp/consul/issues/5423 | Mitigation Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-03-05T23:00:00
Updated: 2019-03-05T23:57:01
Reserved: 2019-02-13T00:00:00
Link: CVE-2019-8336
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-03-05T23:29:02.863
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-8336
JSON object: View
Redhat Information
No data.
CWE