
CVE-2020-28053: Privilege Escalation in HashiCorp Consul

CVSS Score (v3.1): 6.5

Basic Information

EPSS Score: 0.48418%
Published: 1/31/2024
Updated: 1/31/2024
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Package Name                 Ecosystem   Vulnerable Versions   First Patched Version
github.com/hashicorp/consul  go          >= 1.2.0, < 1.6.10    1.6.10
github.com/hashicorp/consul  go          >= 1.7.0, < 1.7.10    1.7.10
github.com/hashicorp/consul  go          >= 1.8.0, < 1.8.6     1.8.6

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The GitHub PR #9240 explicitly shows the ACL check was changed from OperatorRead to OperatorWrite in connect_ca_endpoint.go. The commit diff modifies the permission check in ConfigurationGet handler, and the test file connect_ca_endpoint_test.go adds ACL denial tests for operator:read users. This matches the CVE description about privilege escalation via insufficient authorization checks on the CA configuration endpoint.
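The check the analysis describes, as an added Go example that is not Consul's code: a minimal hypothetical ACL model in which the CA configuration handler demands either OperatorRead (the vulnerable behaviour) or OperatorWrite (the patched behaviour). All types, names and values here are constructed for illustration, not taken from Consul's source.

```go
package main

import "errors"

// Privilege is a constructed stand-in for Consul's ACL authorizer, reduced to
// the two operator privileges the advisory mentions (higher value = stronger).
type Privilege int

const (
	OperatorRead Privilege = iota + 1 // zero value means no operator privilege
	OperatorWrite
)

// Token models an ACL token carrying at most one operator privilege (hypothetical).
type Token struct{ Operator Privilege }

// Allows reports whether the token satisfies the required privilege.
func (t Token) Allows(required Privilege) bool { return t.Operator >= required }

// CAConfig stands in for the Connect CA configuration, which carries the CA
// private key; callers fill it with a constructed placeholder, never real material.
type CAConfig struct {
	Provider   string
	PrivateKey string
}

var ErrPermissionDenied = errors.New("Permission denied")

// caConfigGet is the shared handler body: the only difference between the
// vulnerable and the fixed endpoint is the privilege it demands.
func caConfigGet(tok Token, required Privilege, cfg CAConfig) (*CAConfig, error) {
	if !tok.Allows(required) {
		return nil, ErrPermissionDenied
	}
	return &cfg, nil
}

// VulnerableCAConfigGet mirrors the pre-fix check: operator:read is enough to
// read the configuration, private key included.
func VulnerableCAConfigGet(tok Token, cfg CAConfig) (*CAConfig, error) {
	return caConfigGet(tok, OperatorRead, cfg)
}

// FixedCAConfigGet mirrors the patched check (OperatorRead -> OperatorWrite):
// an operator:read token is now denied, an operator:write token still succeeds.
func FixedCAConfigGet(tok Token, cfg CAConfig) (*CAConfig, error) {
	return caConfigGet(tok, OperatorWrite, cfg)
}
```

The same pattern is what the added ACL denial tests in connect_ca_endpoint_test.go guard against: an operator:read token must receive a permission error from the fixed endpoint rather than the configuration.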

WAF Protection Rules

WAF Rule

HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.