Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/consul@1.0.7~dfsg1-5
Typedeb
Namespacedebian
Nameconsul
Version1.0.7~dfsg1-5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.8.7+dfsg1-2
Latest_non_vulnerable_version1.8.7+dfsg1-2
Affected_by_vulnerabilities
0
url VCID-2dmf-rj8w-xycm
vulnerability_id VCID-2dmf-rj8w-xycm
summary 
Denial of Service (DoS) in HashiCorp Consul
HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4.
### Specific Go Packages Affected
github.com/hashicorp/consul/agent/consul/discoverychain
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12758
reference_id
reference_type
scores
0
value 0.0063
scoring_system epss
scoring_elements 0.70308
published_at 2026-04-21T12:55:00Z
1
value 0.0063
scoring_system epss
scoring_elements 0.70225
published_at 2026-04-02T12:55:00Z
2
value 0.0063
scoring_system epss
scoring_elements 0.70242
published_at 2026-04-04T12:55:00Z
3
value 0.0063
scoring_system epss
scoring_elements 0.70219
published_at 2026-04-07T12:55:00Z
4
value 0.0063
scoring_system epss
scoring_elements 0.70265
published_at 2026-04-08T12:55:00Z
5
value 0.0063
scoring_system epss
scoring_elements 0.7028
published_at 2026-04-09T12:55:00Z
6
value 0.0063
scoring_system epss
scoring_elements 0.70304
published_at 2026-04-11T12:55:00Z
7
value 0.0063
scoring_system epss
scoring_elements 0.70289
published_at 2026-04-12T12:55:00Z
8
value 0.0063
scoring_system epss
scoring_elements 0.70276
published_at 2026-04-13T12:55:00Z
9
value 0.0063
scoring_system epss
scoring_elements 0.70317
published_at 2026-04-16T12:55:00Z
10
value 0.0063
scoring_system epss
scoring_elements 0.70326
published_at 2026-04-18T12:55:00Z
11
value 0.0063
scoring_system epss
scoring_elements 0.70212
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12758
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12758
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12758
2
reference_url https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
3
reference_url https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
4
reference_url https://github.com/hashicorp/consul/commit/69b44fb9424cfdc05f1b7243876ab10d236ef1fc
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/commit/69b44fb9424cfdc05f1b7243876ab10d236ef1fc
5
reference_url https://github.com/hashicorp/consul/pull/7783
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/pull/7783
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12758
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12758
fixed_packages
0
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2
aliases CVE-2020-12758, GHSA-q2qr-3c2p-9235
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2dmf-rj8w-xycm
1
url VCID-467g-8bds-t3ef
vulnerability_id VCID-467g-8bds-t3ef
summary 
HashiCorp Consul Incorrect Access Control vulnerability
HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured.

### Specific Go Packages Affected
github.com/hashicorp/consul/acl
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12291
reference_id
reference_type
scores
0
value 0.0042
scoring_system epss
scoring_elements 0.6198
published_at 2026-04-21T12:55:00Z
1
value 0.0042
scoring_system epss
scoring_elements 0.61895
published_at 2026-04-02T12:55:00Z
2
value 0.0042
scoring_system epss
scoring_elements 0.61926
published_at 2026-04-04T12:55:00Z
3
value 0.0042
scoring_system epss
scoring_elements 0.61897
published_at 2026-04-07T12:55:00Z
4
value 0.0042
scoring_system epss
scoring_elements 0.61946
published_at 2026-04-08T12:55:00Z
5
value 0.0042
scoring_system epss
scoring_elements 0.61963
published_at 2026-04-09T12:55:00Z
6
value 0.0042
scoring_system epss
scoring_elements 0.61984
published_at 2026-04-11T12:55:00Z
7
value 0.0042
scoring_system epss
scoring_elements 0.61973
published_at 2026-04-12T12:55:00Z
8
value 0.0042
scoring_system epss
scoring_elements 0.61953
published_at 2026-04-13T12:55:00Z
9
value 0.0042
scoring_system epss
scoring_elements 0.61995
published_at 2026-04-16T12:55:00Z
10
value 0.0042
scoring_system epss
scoring_elements 0.61999
published_at 2026-04-18T12:55:00Z
11
value 0.0042
scoring_system epss
scoring_elements 0.61822
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12291
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12291
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12291
2
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
3
reference_url https://github.com/hashicorp/consul/commit/36ebca1fd0129278487c6570449bc8cc03987890
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/commit/36ebca1fd0129278487c6570449bc8cc03987890
4
reference_url https://github.com/hashicorp/consul/issues/5888
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/issues/5888
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12291
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12291
6
reference_url https://www.hashicorp.com/blog/category/consul
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.hashicorp.com/blog/category/consul
fixed_packages
0
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2
aliases CVE-2019-12291, GHSA-h65h-v7fw-4p38
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-467g-8bds-t3ef
2
url VCID-cqzz-az3e-kych
vulnerability_id VCID-cqzz-az3e-kych
summary 
Improper Input Validation in HashiCorp Consul
HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.
### Specific Go Packages Affected
github.com/hashicorp/consul/agent
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13170
reference_id
reference_type
scores
0
value 0.00514
scoring_system epss
scoring_elements 0.66589
published_at 2026-04-21T12:55:00Z
1
value 0.00514
scoring_system epss
scoring_elements 0.66519
published_at 2026-04-02T12:55:00Z
2
value 0.00514
scoring_system epss
scoring_elements 0.66544
published_at 2026-04-04T12:55:00Z
3
value 0.00514
scoring_system epss
scoring_elements 0.66515
published_at 2026-04-07T12:55:00Z
4
value 0.00514
scoring_system epss
scoring_elements 0.66564
published_at 2026-04-08T12:55:00Z
5
value 0.00514
scoring_system epss
scoring_elements 0.66578
published_at 2026-04-09T12:55:00Z
6
value 0.00514
scoring_system epss
scoring_elements 0.66597
published_at 2026-04-11T12:55:00Z
7
value 0.00514
scoring_system epss
scoring_elements 0.66585
published_at 2026-04-12T12:55:00Z
8
value 0.00514
scoring_system epss
scoring_elements 0.66553
published_at 2026-04-13T12:55:00Z
9
value 0.00514
scoring_system epss
scoring_elements 0.66588
published_at 2026-04-16T12:55:00Z
10
value 0.00514
scoring_system epss
scoring_elements 0.66606
published_at 2026-04-18T12:55:00Z
11
value 0.00514
scoring_system epss
scoring_elements 0.6648
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13170
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13170
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13170
2
reference_url https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
3
reference_url https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
4
reference_url https://github.com/hashicorp/consul/commit/242994a016a181d6c62a5bb83189716ad13d4216
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/commit/242994a016a181d6c62a5bb83189716ad13d4216
5
reference_url https://github.com/hashicorp/consul/pull/8068
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/pull/8068
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13170
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13170
fixed_packages
0
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2
aliases CVE-2020-13170, GHSA-p2j5-3f4c-224r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cqzz-az3e-kych
3
url VCID-ftvt-9nb3-xue3
vulnerability_id VCID-ftvt-9nb3-xue3
summary Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25864.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25864.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25864
reference_id
reference_type
scores
0
value 0.8334
scoring_system epss
scoring_elements 0.99275
published_at 2026-04-21T12:55:00Z
1
value 0.8334
scoring_system epss
scoring_elements 0.99274
published_at 2026-04-12T12:55:00Z
2
value 0.8334
scoring_system epss
scoring_elements 0.99273
published_at 2026-04-13T12:55:00Z
3
value 0.84021
scoring_system epss
scoring_elements 0.99304
published_at 2026-04-08T12:55:00Z
4
value 0.84021
scoring_system epss
scoring_elements 0.99306
published_at 2026-04-11T12:55:00Z
5
value 0.84021
scoring_system epss
scoring_elements 0.99298
published_at 2026-04-02T12:55:00Z
6
value 0.84021
scoring_system epss
scoring_elements 0.99301
published_at 2026-04-04T12:55:00Z
7
value 0.84021
scoring_system epss
scoring_elements 0.99305
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25864
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25864
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25864
3
reference_url https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368
4
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25864
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25864
6
reference_url https://security.gentoo.org/glsa/202208-09
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-09
7
reference_url https://www.hashicorp.com/blog/category/consul
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.hashicorp.com/blog/category/consul
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1950275
reference_id 1950275
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1950275
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987351
reference_id 987351
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987351
10
reference_url https://security.archlinux.org/AVG-1829
reference_id AVG-1829
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1829
fixed_packages
0
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2
aliases CVE-2020-25864, GHSA-8xmx-h8rq-h94j
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ftvt-9nb3-xue3
4
url VCID-gkgb-5g8x-7fgf
vulnerability_id VCID-gkgb-5g8x-7fgf
summary 
Denial of Service (DoS) in HashiCorp Consul
HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.

### Specific Go Packages Affected
github.com/hashicorp/consul/agent/consul
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7219.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7219.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7219
reference_id
reference_type
scores
0
value 0.01138
scoring_system epss
scoring_elements 0.78418
published_at 2026-04-21T12:55:00Z
1
value 0.01138
scoring_system epss
scoring_elements 0.78394
published_at 2026-04-09T12:55:00Z
2
value 0.01138
scoring_system epss
scoring_elements 0.7842
published_at 2026-04-11T12:55:00Z
3
value 0.01138
scoring_system epss
scoring_elements 0.78403
published_at 2026-04-12T12:55:00Z
4
value 0.01138
scoring_system epss
scoring_elements 0.78395
published_at 2026-04-13T12:55:00Z
5
value 0.01138
scoring_system epss
scoring_elements 0.78424
published_at 2026-04-16T12:55:00Z
6
value 0.01138
scoring_system epss
scoring_elements 0.78423
published_at 2026-04-18T12:55:00Z
7
value 0.01138
scoring_system epss
scoring_elements 0.78341
published_at 2026-04-01T12:55:00Z
8
value 0.01138
scoring_system epss
scoring_elements 0.78347
published_at 2026-04-02T12:55:00Z
9
value 0.01138
scoring_system epss
scoring_elements 0.78378
published_at 2026-04-04T12:55:00Z
10
value 0.01138
scoring_system epss
scoring_elements 0.78362
published_at 2026-04-07T12:55:00Z
11
value 0.01138
scoring_system epss
scoring_elements 0.78388
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7219
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7219
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7219
3
reference_url https://github.com/hashicorp/consul/issues/7159
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/issues/7159
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7219
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7219
5
reference_url https://www.hashicorp.com/blog/category/consul
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.hashicorp.com/blog/category/consul
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1805866
reference_id 1805866
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1805866
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950736
reference_id 950736
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950736
fixed_packages
0
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2
aliases CVE-2020-7219, GHSA-23jv-v6qj-3fhh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gkgb-5g8x-7fgf
5
url VCID-gsqu-g2y4-a7ap
vulnerability_id VCID-gsqu-g2y4-a7ap
summary 
Privilege Escalation in HashiCorp Consul
HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28053
reference_id
reference_type
scores
0
value 0.00257
scoring_system epss
scoring_elements 0.49077
published_at 2026-04-21T12:55:00Z
1
value 0.00257
scoring_system epss
scoring_elements 0.49004
published_at 2026-04-01T12:55:00Z
2
value 0.00257
scoring_system epss
scoring_elements 0.49039
published_at 2026-04-02T12:55:00Z
3
value 0.00257
scoring_system epss
scoring_elements 0.49068
published_at 2026-04-04T12:55:00Z
4
value 0.00257
scoring_system epss
scoring_elements 0.49021
published_at 2026-04-07T12:55:00Z
5
value 0.00257
scoring_system epss
scoring_elements 0.49075
published_at 2026-04-08T12:55:00Z
6
value 0.00257
scoring_system epss
scoring_elements 0.49071
published_at 2026-04-09T12:55:00Z
7
value 0.00257
scoring_system epss
scoring_elements 0.49088
published_at 2026-04-11T12:55:00Z
8
value 0.00257
scoring_system epss
scoring_elements 0.4906
published_at 2026-04-12T12:55:00Z
9
value 0.00257
scoring_system epss
scoring_elements 0.49067
published_at 2026-04-13T12:55:00Z
10
value 0.00257
scoring_system epss
scoring_elements 0.49112
published_at 2026-04-16T12:55:00Z
11
value 0.00257
scoring_system epss
scoring_elements 0.49109
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28053
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28053
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28053
2
reference_url https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020
3
reference_url https://github.com/hashicorp/consul/commit/ff5215d882ac51b49c2647aac46b42aa9c890ce3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/commit/ff5215d882ac51b49c2647aac46b42aa9c890ce3
4
reference_url https://github.com/hashicorp/consul/pull/9240
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/pull/9240
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28053
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28053
6
reference_url https://security.gentoo.org/glsa/202208-09
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-09
7
reference_url https://www.hashicorp.com/blog/category/consul
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.hashicorp.com/blog/category/consul
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975584
reference_id 975584
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975584
9
reference_url https://security.archlinux.org/AVG-1294
reference_id AVG-1294
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1294
fixed_packages
0
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2
aliases CVE-2020-28053, GHSA-6m72-467w-94rh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gsqu-g2y4-a7ap
6
url VCID-jm2d-ejbf-qfhz
vulnerability_id VCID-jm2d-ejbf-qfhz
summary 
Allocation of Resources Without Limits or Throttling in Hashicorp Consul
HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service.

### Specific Go Packages Affected
github.com/hashicorp/consul/agent/config

### Fix
The vulnerability is fixed in versions 1.6.6 and 1.7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13250
reference_id
reference_type
scores
0
value 0.00867
scoring_system epss
scoring_elements 0.75186
published_at 2026-04-21T12:55:00Z
1
value 0.00867
scoring_system epss
scoring_elements 0.75109
published_at 2026-04-01T12:55:00Z
2
value 0.00867
scoring_system epss
scoring_elements 0.75112
published_at 2026-04-02T12:55:00Z
3
value 0.00867
scoring_system epss
scoring_elements 0.75142
published_at 2026-04-04T12:55:00Z
4
value 0.00867
scoring_system epss
scoring_elements 0.75119
published_at 2026-04-07T12:55:00Z
5
value 0.00867
scoring_system epss
scoring_elements 0.75153
published_at 2026-04-13T12:55:00Z
6
value 0.00867
scoring_system epss
scoring_elements 0.75165
published_at 2026-04-12T12:55:00Z
7
value 0.00867
scoring_system epss
scoring_elements 0.75187
published_at 2026-04-11T12:55:00Z
8
value 0.00867
scoring_system epss
scoring_elements 0.7519
published_at 2026-04-16T12:55:00Z
9
value 0.00867
scoring_system epss
scoring_elements 0.75197
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13250
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13250
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13250
2
reference_url https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
3
reference_url https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
4
reference_url https://github.com/hashicorp/consul/commit/72f92ae7ca4cabc1dc3069362a9b64ef46941432
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/commit/72f92ae7ca4cabc1dc3069362a9b64ef46941432
5
reference_url https://github.com/hashicorp/consul/pull/8023
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/pull/8023
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13250
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13250
fixed_packages
0
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2
aliases CVE-2020-13250, GHSA-rqjq-mrgx-85hp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jm2d-ejbf-qfhz
7
url VCID-mv9z-hxmr-skfp
vulnerability_id VCID-mv9z-hxmr-skfp
summary 
Denial of service in HashiCorp Consul
HashiCorp Consul Enterprise versions 1.7.0 up to 1.7.8 and 1.8.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25201
reference_id
reference_type
scores
0
value 0.01543
scoring_system epss
scoring_elements 0.81419
published_at 2026-04-21T12:55:00Z
1
value 0.01543
scoring_system epss
scoring_elements 0.81316
published_at 2026-04-01T12:55:00Z
2
value 0.01543
scoring_system epss
scoring_elements 0.81325
published_at 2026-04-02T12:55:00Z
3
value 0.01543
scoring_system epss
scoring_elements 0.81347
published_at 2026-04-04T12:55:00Z
4
value 0.01543
scoring_system epss
scoring_elements 0.81346
published_at 2026-04-07T12:55:00Z
5
value 0.01543
scoring_system epss
scoring_elements 0.81374
published_at 2026-04-08T12:55:00Z
6
value 0.01543
scoring_system epss
scoring_elements 0.81379
published_at 2026-04-09T12:55:00Z
7
value 0.01543
scoring_system epss
scoring_elements 0.81401
published_at 2026-04-11T12:55:00Z
8
value 0.01543
scoring_system epss
scoring_elements 0.81388
published_at 2026-04-12T12:55:00Z
9
value 0.01543
scoring_system epss
scoring_elements 0.8138
published_at 2026-04-13T12:55:00Z
10
value 0.01543
scoring_system epss
scoring_elements 0.81417
published_at 2026-04-16T12:55:00Z
11
value 0.01543
scoring_system epss
scoring_elements 0.81418
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25201
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25201
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25201
2
reference_url https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020
3
reference_url https://github.com/hashicorp/consul/pull/9024
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/pull/9024
4
reference_url https://github.com/hashicorp/consul/releases/tag/v1.8.5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/releases/tag/v1.8.5
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25201
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25201
6
reference_url https://security.gentoo.org/glsa/202208-09
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-09
7
reference_url https://www.hashicorp.com/blog/category/consul
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.hashicorp.com/blog/category/consul
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973892
reference_id 973892
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973892
9
reference_url https://security.archlinux.org/AVG-1295
reference_id AVG-1295
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1295
fixed_packages
0
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2
aliases CVE-2020-25201, GHSA-496g-fr33-whrf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mv9z-hxmr-skfp
8
url VCID-pet2-hhx7-g7fc
vulnerability_id VCID-pet2-hhx7-g7fc
summary 
HashiCorp Consul can use cleartext agent-to-agent RPC communication
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the `verify_outgoing` setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19653
reference_id
reference_type
scores
0
value 0.00427
scoring_system epss
scoring_elements 0.6246
published_at 2026-04-21T12:55:00Z
1
value 0.00427
scoring_system epss
scoring_elements 0.62377
published_at 2026-04-02T12:55:00Z
2
value 0.00427
scoring_system epss
scoring_elements 0.62407
published_at 2026-04-04T12:55:00Z
3
value 0.00427
scoring_system epss
scoring_elements 0.62372
published_at 2026-04-07T12:55:00Z
4
value 0.00427
scoring_system epss
scoring_elements 0.62421
published_at 2026-04-08T12:55:00Z
5
value 0.00427
scoring_system epss
scoring_elements 0.62438
published_at 2026-04-09T12:55:00Z
6
value 0.00427
scoring_system epss
scoring_elements 0.62457
published_at 2026-04-11T12:55:00Z
7
value 0.00427
scoring_system epss
scoring_elements 0.62447
published_at 2026-04-12T12:55:00Z
8
value 0.00427
scoring_system epss
scoring_elements 0.62425
published_at 2026-04-13T12:55:00Z
9
value 0.00427
scoring_system epss
scoring_elements 0.62469
published_at 2026-04-16T12:55:00Z
10
value 0.00427
scoring_system epss
scoring_elements 0.62476
published_at 2026-04-18T12:55:00Z
11
value 0.00427
scoring_system epss
scoring_elements 0.62319
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19653
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19653
2
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
3
reference_url https://github.com/hashicorp/consul/commit/b64e8b262f80397eab4f39c6ae7e14683cb9f55c
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/commit/b64e8b262f80397eab4f39c6ae7e14683cb9f55c
4
reference_url https://github.com/hashicorp/consul/pull/5069
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/pull/5069
5
reference_url https://groups.google.com/forum/#!topic/consul-tool/7TCw06oio0I
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/consul-tool/7TCw06oio0I
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-19653
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-19653
fixed_packages
0
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2
aliases CVE-2018-19653, GHSA-4qvx-qq5w-695p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pet2-hhx7-g7fc
9
url VCID-th2f-96u1-syhg
vulnerability_id VCID-th2f-96u1-syhg
summary 
Incorrect Permission Assignment for Critical Resource	in Hashicorp Consul
HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.
### Specific Go Packages Affected
github.com/hashicorp/consul/agent/structs
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12797
reference_id
reference_type
scores
0
value 0.00407
scoring_system epss
scoring_elements 0.61173
published_at 2026-04-21T12:55:00Z
1
value 0.00407
scoring_system epss
scoring_elements 0.61023
published_at 2026-04-01T12:55:00Z
2
value 0.00407
scoring_system epss
scoring_elements 0.61101
published_at 2026-04-02T12:55:00Z
3
value 0.00407
scoring_system epss
scoring_elements 0.61129
published_at 2026-04-04T12:55:00Z
4
value 0.00407
scoring_system epss
scoring_elements 0.61095
published_at 2026-04-07T12:55:00Z
5
value 0.00407
scoring_system epss
scoring_elements 0.61143
published_at 2026-04-08T12:55:00Z
6
value 0.00407
scoring_system epss
scoring_elements 0.61158
published_at 2026-04-09T12:55:00Z
7
value 0.00407
scoring_system epss
scoring_elements 0.61178
published_at 2026-04-11T12:55:00Z
8
value 0.00407
scoring_system epss
scoring_elements 0.61165
published_at 2026-04-12T12:55:00Z
9
value 0.00407
scoring_system epss
scoring_elements 0.61146
published_at 2026-04-13T12:55:00Z
10
value 0.00407
scoring_system epss
scoring_elements 0.61186
published_at 2026-04-16T12:55:00Z
11
value 0.00407
scoring_system epss
scoring_elements 0.61192
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12797
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12797
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12797
2
reference_url https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
3
reference_url https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
4
reference_url https://github.com/hashicorp/consul/commit/98eea08d3ba1b220a14cf6eedf3b6b07ae2795d7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/commit/98eea08d3ba1b220a14cf6eedf3b6b07ae2795d7
5
reference_url https://github.com/hashicorp/consul/issues/5606
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/issues/5606
6
reference_url https://github.com/hashicorp/consul/pull/8047
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/pull/8047
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12797
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12797
fixed_packages
0
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2
aliases CVE-2020-12797, GHSA-hwqm-x785-qh8p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-th2f-96u1-syhg
10
url VCID-xzyq-wm1j-dkcu
vulnerability_id VCID-xzyq-wm1j-dkcu
summary 
Incorrect Authorization in HashiCorp Consul
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7955.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7955.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7955
reference_id
reference_type
scores
0
value 0.00332
scoring_system epss
scoring_elements 0.56087
published_at 2026-04-21T12:55:00Z
1
value 0.00332
scoring_system epss
scoring_elements 0.56108
published_at 2026-04-09T12:55:00Z
2
value 0.00332
scoring_system epss
scoring_elements 0.56119
published_at 2026-04-11T12:55:00Z
3
value 0.00332
scoring_system epss
scoring_elements 0.56096
published_at 2026-04-12T12:55:00Z
4
value 0.00332
scoring_system epss
scoring_elements 0.56079
published_at 2026-04-13T12:55:00Z
5
value 0.00332
scoring_system epss
scoring_elements 0.56114
published_at 2026-04-16T12:55:00Z
6
value 0.00332
scoring_system epss
scoring_elements 0.56116
published_at 2026-04-18T12:55:00Z
7
value 0.00332
scoring_system epss
scoring_elements 0.55942
published_at 2026-04-01T12:55:00Z
8
value 0.00332
scoring_system epss
scoring_elements 0.56053
published_at 2026-04-02T12:55:00Z
9
value 0.00332
scoring_system epss
scoring_elements 0.56074
published_at 2026-04-04T12:55:00Z
10
value 0.00332
scoring_system epss
scoring_elements 0.56052
published_at 2026-04-07T12:55:00Z
11
value 0.00332
scoring_system epss
scoring_elements 0.56104
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7955
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7955
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7955
3
reference_url https://github.com/hashicorp/consul/issues/7160
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/issues/7160
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7955
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7955
5
reference_url https://www.hashicorp.com/blog/category/consul
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.hashicorp.com/blog/category/consul
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1805875
reference_id 1805875
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1805875
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950736
reference_id 950736
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950736
fixed_packages
0
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2
aliases CVE-2020-7955, GHSA-r9w6-rhh9-7v53
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xzyq-wm1j-dkcu
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.0.7~dfsg1-5