Added |
CPE Configuration |
|
OR
*cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:* versions up to (excluding) 1.7.14
*cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:* versions up to (excluding) 1.7.14
*cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:* versions from (including) 1.8.0 up to (excluding) 1.8.10
*cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:* versions from (including) 1.8.0 up to (excluding) 1.8.10
*cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:* versions from (including) 1.9.0 up to (excluding) 1.9.5
*cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:* versions from (including) 1.9.0 up to (excluding) 1.9.5
|
Added |
CVSS V2 |
|
NIST (AV:N/AC:M/Au:N/C:N/I:P/A:N)
|
Added |
CVSS V2 Metadata |
|
Victim must voluntarily interact with attack mechanism
|
Added |
CVSS V3.1 |
|
NIST AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
Added |
CWE |
|
NIST CWE-79
|
Changed |
Reference Type |
https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368 No Types Assigned
|
https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368 Vendor Advisory
|
Changed |
Reference Type |
https://www.hashicorp.com/blog/category/consul No Types Assigned
|
https://www.hashicorp.com/blog/category/consul Product, Vendor Advisory
|