6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-28053

GHSA ID

GHSA-6m72-467w-94rh

EPSS Score

0.48418%

CWE

CWE-732

Published

1/31/2024

Updated

1/31/2024

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-28053

CVE-2020-28053:
Privilege Escalation in HashiCorp Consul

HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.

(GitHub Advisory)

6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-28053

GHSA ID

GHSA-6m72-467w-94rh

EPSS Score

0.48418%

CWE

CWE-732

Published

1/31/2024

Updated

1/31/2024

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/hashicorp/consul	go	>= 1.2.0, < 1.6.10	1.6.10
github.com/hashicorp/consul	go	>= 1.7.0, < 1.7.10	1.7.10
github.com/hashicorp/consul	go	>= 1.8.0, < 1.8.6	1.8.6

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The GitHub PR #9240 explicitly shows the ACL check was changed from OperatorRead to OperatorWrite in connect_ca_endpoint.go. The commit diff modifies the permission check in ConfigurationGet handler, and the test file connect_ca_endpoint_test.go adds ACL denial tests for operator:read users. This matches the CVE description about privilege escalation via insufficient authorization checks on the CA configuration endpoint.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

**s*i*orp *onsul *n* *onsul *nt*rpris* *.*.* up to *.*.* *llow** op*r*tors wit* op*r*tor:r*** **L p*rmissions to r*** t** *onn**t ** priv*t* k*y *on*i*ur*tion. *ix** in *.*.**, *.*.**, *n* *.*.*.

Reasoning

T** *it*u* PR #**** *xpli*itly s*ows t** **L ****k w*s ***n*** *rom Op*r*torR*** to Op*r*torWrit* in *onn**t_**_*n*point.*o. T** *ommit *i** mo*i*i*s t** p*rmission ****k in *on*i*ur*tion**t **n*l*r, *n* t** t*st *il* *onn**t_**_*n*point_t*st.*o ***s

6.5

Basic Information

Concerned about an active attack path?

CVE-2020-28053: Privilege Escalation in HashiCorp Consul

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2020-28053:
Privilege Escalation in HashiCorp Consul

Vulnerability Intelligence
Miggo AI