CVE-2020-28053: Privilege Escalation in HashiCorp Consul
6.5
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.48418%
CWE
Published
1/31/2024
Updated
1/31/2024
KEV Status
No
Technology
Go
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
github.com/hashicorp/consul | go | >= 1.2.0, < 1.6.10 | 1.6.10 |
github.com/hashicorp/consul | go | >= 1.7.0, < 1.7.10 | 1.7.10 |
github.com/hashicorp/consul | go | >= 1.8.0, < 1.8.6 | 1.8.6 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The GitHub PR #9240 explicitly shows the ACL check was changed from OperatorRead to OperatorWrite in connect_ca_endpoint.go. The commit diff modifies the permission check in ConfigurationGet handler, and the test file connect_ca_endpoint_test.go adds ACL denial tests for operator:read users. This matches the CVE description about privilege escalation via insufficient authorization checks on the CA configuration endpoint.