Synced 18 Jun 2026 05:58 UTC Account
← All products

CVE-2020-7955

MEDIUM severity · CVSS 5.3 · Incorrect authorization
5.3CVSS MEDIUM

Summary

HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.

Impact & exploitability

Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionNone
Confidentiality impactLow
Integrity impactNone
Availability impactNone
Exploit probability (EPSS)1%

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products we track (1)

HashiCorp Consul

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information