HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4.
References
Link | Resource |
---|---|
https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md | Release Notes Third Party Advisory |
https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md | Release Notes Third Party Advisory |
https://github.com/hashicorp/consul/pull/8023 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2020-06-11 20:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-13250
Mitre link : CVE-2020-13250
CVE.ORG link : CVE-2020-13250
JSON object : View
Products Affected
hashicorp
- consul
CWE
CWE-770
Allocation of Resources Without Limits or Throttling