Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
Type deb
Namespace debian
Name consul
Version 1.8.7+dfsg1-2
Qualifiers
distro bullseye
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-2dmf-rj8w-xycm
vulnerability_id VCID-2dmf-rj8w-xycm
summary
Denial of Service (DoS) in HashiCorp Consul
HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4.
### Specific Go Packages Affected
github.com/hashicorp/consul/agent/consul/discoverychain
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12758
reference_id
reference_type
scores
0
value 0.0063
scoring_system epss
scoring_elements 0.70308
published_at 2026-04-21T12:55:00Z
1
value 0.0063
scoring_system epss
scoring_elements 0.70225
published_at 2026-04-02T12:55:00Z
2
value 0.0063
scoring_system epss
scoring_elements 0.70242
published_at 2026-04-04T12:55:00Z
3
value 0.0063
scoring_system epss
scoring_elements 0.70219
published_at 2026-04-07T12:55:00Z
4
value 0.0063
scoring_system epss
scoring_elements 0.70265
published_at 2026-04-08T12:55:00Z
5
value 0.0063
scoring_system epss
scoring_elements 0.7028
published_at 2026-04-09T12:55:00Z
6
value 0.0063
scoring_system epss
scoring_elements 0.70304
published_at 2026-04-11T12:55:00Z
7
value 0.0063
scoring_system epss
scoring_elements 0.70289
published_at 2026-04-12T12:55:00Z
8
value 0.0063
scoring_system epss
scoring_elements 0.70276
published_at 2026-04-13T12:55:00Z
9
value 0.0063
scoring_system epss
scoring_elements 0.70317
published_at 2026-04-16T12:55:00Z
10
value 0.0063
scoring_system epss
scoring_elements 0.70326
published_at 2026-04-18T12:55:00Z
11
value 0.0063
scoring_system epss
scoring_elements 0.70212
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12758
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12758
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12758
2
reference_url https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
3
reference_url https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
4
reference_url https://github.com/hashicorp/consul/commit/69b44fb9424cfdc05f1b7243876ab10d236ef1fc
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/commit/69b44fb9424cfdc05f1b7243876ab10d236ef1fc
5
reference_url https://github.com/hashicorp/consul/pull/7783
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/pull/7783
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12758
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12758
fixed_packages
0
url pkg:deb/debian/consul@1.7.4%2Bdfsg1-1?distro=bullseye
purl pkg:deb/debian/consul@1.7.4%2Bdfsg1-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.7.4%252Bdfsg1-1%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2020-12758, GHSA-q2qr-3c2p-9235
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2dmf-rj8w-xycm
1
url VCID-467g-8bds-t3ef
vulnerability_id VCID-467g-8bds-t3ef
summary
HashiCorp Consul Incorrect Access Control vulnerability
HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured.

### Specific Go Packages Affected
github.com/hashicorp/consul/acl
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12291
reference_id
reference_type
scores
0
value 0.0042
scoring_system epss
scoring_elements 0.6198
published_at 2026-04-21T12:55:00Z
1
value 0.0042
scoring_system epss
scoring_elements 0.61895
published_at 2026-04-02T12:55:00Z
2
value 0.0042
scoring_system epss
scoring_elements 0.61926
published_at 2026-04-04T12:55:00Z
3
value 0.0042
scoring_system epss
scoring_elements 0.61897
published_at 2026-04-07T12:55:00Z
4
value 0.0042
scoring_system epss
scoring_elements 0.61946
published_at 2026-04-08T12:55:00Z
5
value 0.0042
scoring_system epss
scoring_elements 0.61963
published_at 2026-04-09T12:55:00Z
6
value 0.0042
scoring_system epss
scoring_elements 0.61984
published_at 2026-04-11T12:55:00Z
7
value 0.0042
scoring_system epss
scoring_elements 0.61973
published_at 2026-04-12T12:55:00Z
8
value 0.0042
scoring_system epss
scoring_elements 0.61953
published_at 2026-04-13T12:55:00Z
9
value 0.0042
scoring_system epss
scoring_elements 0.61995
published_at 2026-04-16T12:55:00Z
10
value 0.0042
scoring_system epss
scoring_elements 0.61999
published_at 2026-04-18T12:55:00Z
11
value 0.0042
scoring_system epss
scoring_elements 0.61822
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12291
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12291
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12291
2
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
3
reference_url https://github.com/hashicorp/consul/commit/36ebca1fd0129278487c6570449bc8cc03987890
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/commit/36ebca1fd0129278487c6570449bc8cc03987890
4
reference_url https://github.com/hashicorp/consul/issues/5888
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/issues/5888
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12291
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12291
6
reference_url https://www.hashicorp.com/blog/category/consul
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.hashicorp.com/blog/category/consul
fixed_packages
0
url pkg:deb/debian/consul@1.4.5%2Bdfsg1-1?distro=bullseye
purl pkg:deb/debian/consul@1.4.5%2Bdfsg1-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.4.5%252Bdfsg1-1%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2019-12291, GHSA-h65h-v7fw-4p38
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-467g-8bds-t3ef
2
url VCID-4rvd-1dka-vufc
vulnerability_id VCID-4rvd-1dka-vufc
summary
Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers
A vulnerability was identified in Consul such that using JWT authentication for service mesh incorrectly allows/denies access regardless of service identities. This vulnerability, CVE-2023-3518, affects Consul 1.16.0 and was fixed in 1.16.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3518
reference_id
reference_type
scores
0
value 0.00167
scoring_system epss
scoring_elements 0.37742
published_at 2026-04-21T12:55:00Z
1
value 0.00167
scoring_system epss
scoring_elements 0.37808
published_at 2026-04-08T12:55:00Z
2
value 0.00167
scoring_system epss
scoring_elements 0.3782
published_at 2026-04-09T12:55:00Z
3
value 0.00167
scoring_system epss
scoring_elements 0.37835
published_at 2026-04-11T12:55:00Z
4
value 0.00167
scoring_system epss
scoring_elements 0.37799
published_at 2026-04-12T12:55:00Z
5
value 0.00167
scoring_system epss
scoring_elements 0.37774
published_at 2026-04-13T12:55:00Z
6
value 0.00167
scoring_system epss
scoring_elements 0.37822
published_at 2026-04-16T12:55:00Z
7
value 0.00167
scoring_system epss
scoring_elements 0.37802
published_at 2026-04-18T12:55:00Z
8
value 0.00167
scoring_system epss
scoring_elements 0.37854
published_at 2026-04-02T12:55:00Z
9
value 0.00167
scoring_system epss
scoring_elements 0.37879
published_at 2026-04-04T12:55:00Z
10
value 0.00167
scoring_system epss
scoring_elements 0.37757
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3518
1
reference_url https://discuss.hashicorp.com/t/hcsec-2023-25-consul-jwt-auth-in-l7-intentions-allow-for-mismatched-service-identity-and-jwt-providers/57004
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:42:29Z/
url https://discuss.hashicorp.com/t/hcsec-2023-25-consul-jwt-auth-in-l7-intentions-allow-for-mismatched-service-identity-and-jwt-providers/57004
2
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3518
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-3518
fixed_packages
0
url pkg:deb/debian/consul@0?distro=bullseye
purl pkg:deb/debian/consul@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@0%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2023-3518, GHSA-9rhf-q362-77mx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4rvd-1dka-vufc
3
url VCID-65ru-yj23-qqbr
vulnerability_id VCID-65ru-yj23-qqbr
summary
HashiCorp Consul L7 deny intention results in an allow action
In HashiCorp Consul before 1.10.1 (and Consul Enterprise), xds can generate a situation where a single L7 deny intention (with a default deny policy) results in an allow action.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36213
reference_id
reference_type
scores
0
value 0.00765
scoring_system epss
scoring_elements 0.73478
published_at 2026-04-21T12:55:00Z
1
value 0.00765
scoring_system epss
scoring_elements 0.73383
published_at 2026-04-01T12:55:00Z
2
value 0.00765
scoring_system epss
scoring_elements 0.73392
published_at 2026-04-02T12:55:00Z
3
value 0.00765
scoring_system epss
scoring_elements 0.73414
published_at 2026-04-04T12:55:00Z
4
value 0.00765
scoring_system epss
scoring_elements 0.73387
published_at 2026-04-07T12:55:00Z
5
value 0.00765
scoring_system epss
scoring_elements 0.73424
published_at 2026-04-08T12:55:00Z
6
value 0.00765
scoring_system epss
scoring_elements 0.73437
published_at 2026-04-09T12:55:00Z
7
value 0.00765
scoring_system epss
scoring_elements 0.73461
published_at 2026-04-11T12:55:00Z
8
value 0.00765
scoring_system epss
scoring_elements 0.7344
published_at 2026-04-12T12:55:00Z
9
value 0.00765
scoring_system epss
scoring_elements 0.73433
published_at 2026-04-13T12:55:00Z
10
value 0.00765
scoring_system epss
scoring_elements 0.73475
published_at 2026-04-16T12:55:00Z
11
value 0.00765
scoring_system epss
scoring_elements 0.73484
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36213
1
reference_url https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855
2
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
3
reference_url https://github.com/hashicorp/consul/releases/tag/v1.10.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/releases/tag/v1.10.1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-36213
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-36213
5
reference_url https://security.gentoo.org/glsa/202208-09
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-09
6
reference_url https://www.hashicorp.com/blog/category/consul
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.hashicorp.com/blog/category/consul
7
reference_url https://security.archlinux.org/ASA-202107-69
reference_id ASA-202107-69
reference_type
scores
url https://security.archlinux.org/ASA-202107-69
8
reference_url https://security.archlinux.org/AVG-2171
reference_id AVG-2171
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2171
fixed_packages
0
url pkg:deb/debian/consul@0?distro=bullseye
purl pkg:deb/debian/consul@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@0%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2021-36213, GHSA-8h2g-r292-j8xh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65ru-yj23-qqbr
4
url VCID-a6jm-xxdn-h3f3
vulnerability_id VCID-a6jm-xxdn-h3f3
summary
HashiCorp Consul vulnerable to Origin Validation Error
HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if `verify_server_hostname` were set to false, even when it is actually set to true. This is fixed in 1.4.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-9764
reference_id
reference_type
scores
0
value 0.00183
scoring_system epss
scoring_elements 0.3996
published_at 2026-04-21T12:55:00Z
1
value 0.00183
scoring_system epss
scoring_elements 0.40047
published_at 2026-04-02T12:55:00Z
2
value 0.00183
scoring_system epss
scoring_elements 0.40074
published_at 2026-04-04T12:55:00Z
3
value 0.00183
scoring_system epss
scoring_elements 0.39995
published_at 2026-04-07T12:55:00Z
4
value 0.00183
scoring_system epss
scoring_elements 0.40049
published_at 2026-04-08T12:55:00Z
5
value 0.00183
scoring_system epss
scoring_elements 0.40063
published_at 2026-04-09T12:55:00Z
6
value 0.00183
scoring_system epss
scoring_elements 0.40073
published_at 2026-04-11T12:55:00Z
7
value 0.00183
scoring_system epss
scoring_elements 0.40036
published_at 2026-04-12T12:55:00Z
8
value 0.00183
scoring_system epss
scoring_elements 0.40017
published_at 2026-04-13T12:55:00Z
9
value 0.00183
scoring_system epss
scoring_elements 0.40067
published_at 2026-04-16T12:55:00Z
10
value 0.00183
scoring_system epss
scoring_elements 0.40038
published_at 2026-04-18T12:55:00Z
11
value 0.00183
scoring_system epss
scoring_elements 0.399
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-9764
1
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
2
reference_url https://github.com/hashicorp/consul/commit/7e11dd82aa8dae505b7307adcb68c9d3194b3b40
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/commit/7e11dd82aa8dae505b7307adcb68c9d3194b3b40
3
reference_url https://github.com/hashicorp/consul/issues/5519
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/issues/5519
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-9764
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:N
1
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-9764
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hashicorp:consul:1.4.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:hashicorp:consul:1.4.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hashicorp:consul:1.4.3:*:*:*:*:*:*:*
fixed_packages
0
url pkg:deb/debian/consul@0?distro=bullseye
purl pkg:deb/debian/consul@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@0%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2019-9764, GHSA-q7fx-wm2p-qfj8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a6jm-xxdn-h3f3
5
url VCID-cqzz-az3e-kych
vulnerability_id VCID-cqzz-az3e-kych
summary
Improper Input Validation in HashiCorp Consul
HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.
### Specific Go Packages Affected
github.com/hashicorp/consul/agent
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13170
reference_id
reference_type
scores
0
value 0.00514
scoring_system epss
scoring_elements 0.66589
published_at 2026-04-21T12:55:00Z
1
value 0.00514
scoring_system epss
scoring_elements 0.66519
published_at 2026-04-02T12:55:00Z
2
value 0.00514
scoring_system epss
scoring_elements 0.66544
published_at 2026-04-04T12:55:00Z
3
value 0.00514
scoring_system epss
scoring_elements 0.66515
published_at 2026-04-07T12:55:00Z
4
value 0.00514
scoring_system epss
scoring_elements 0.66564
published_at 2026-04-08T12:55:00Z
5
value 0.00514
scoring_system epss
scoring_elements 0.66578
published_at 2026-04-09T12:55:00Z
6
value 0.00514
scoring_system epss
scoring_elements 0.66597
published_at 2026-04-11T12:55:00Z
7
value 0.00514
scoring_system epss
scoring_elements 0.66585
published_at 2026-04-12T12:55:00Z
8
value 0.00514
scoring_system epss
scoring_elements 0.66553
published_at 2026-04-13T12:55:00Z
9
value 0.00514
scoring_system epss
scoring_elements 0.66588
published_at 2026-04-16T12:55:00Z
10
value 0.00514
scoring_system epss
scoring_elements 0.66606
published_at 2026-04-18T12:55:00Z
11
value 0.00514
scoring_system epss
scoring_elements 0.6648
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13170
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13170
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13170
2
reference_url https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
3
reference_url https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
4
reference_url https://github.com/hashicorp/consul/commit/242994a016a181d6c62a5bb83189716ad13d4216
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/commit/242994a016a181d6c62a5bb83189716ad13d4216
5
reference_url https://github.com/hashicorp/consul/pull/8068
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/pull/8068
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13170
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13170
fixed_packages
0
url pkg:deb/debian/consul@1.7.4%2Bdfsg1-1?distro=bullseye
purl pkg:deb/debian/consul@1.7.4%2Bdfsg1-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.7.4%252Bdfsg1-1%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2020-13170, GHSA-p2j5-3f4c-224r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cqzz-az3e-kych
6
url VCID-e8wd-mxwb-rqdj
vulnerability_id VCID-e8wd-mxwb-rqdj
summary
Missing Authorization in HashiCorp Consul
HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3920.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3920.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3920
reference_id
reference_type
scores
0
value 0.00426
scoring_system epss
scoring_elements 0.6229
published_at 2026-04-21T12:55:00Z
1
value 0.00426
scoring_system epss
scoring_elements 0.62199
published_at 2026-04-07T12:55:00Z
2
value 0.00426
scoring_system epss
scoring_elements 0.62249
published_at 2026-04-08T12:55:00Z
3
value 0.00426
scoring_system epss
scoring_elements 0.62267
published_at 2026-04-09T12:55:00Z
4
value 0.00426
scoring_system epss
scoring_elements 0.62285
published_at 2026-04-11T12:55:00Z
5
value 0.00426
scoring_system epss
scoring_elements 0.62274
published_at 2026-04-12T12:55:00Z
6
value 0.00426
scoring_system epss
scoring_elements 0.62253
published_at 2026-04-13T12:55:00Z
7
value 0.00426
scoring_system epss
scoring_elements 0.62298
published_at 2026-04-16T12:55:00Z
8
value 0.00426
scoring_system epss
scoring_elements 0.62305
published_at 2026-04-18T12:55:00Z
9
value 0.00426
scoring_system epss
scoring_elements 0.62202
published_at 2026-04-02T12:55:00Z
10
value 0.00426
scoring_system epss
scoring_elements 0.62233
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3920
2
reference_url https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T20:01:41Z/
url https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946
3
reference_url https://github.com/hashicorp/consul/commit/706866fa0016b0aa302679f9c648859050d19b2e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/commit/706866fa0016b0aa302679f9c648859050d19b2e
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3920
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3920
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2148169
reference_id 2148169
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2148169
fixed_packages
0
url pkg:deb/debian/consul@0?distro=bullseye
purl pkg:deb/debian/consul@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@0%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2022-3920, GHSA-gw2g-hhc9-wgjh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e8wd-mxwb-rqdj
7
url VCID-ftvt-9nb3-xue3
vulnerability_id VCID-ftvt-9nb3-xue3
summary Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25864.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25864.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25864
reference_id
reference_type
scores
0
value 0.8334
scoring_system epss
scoring_elements 0.99275
published_at 2026-04-21T12:55:00Z
1
value 0.8334
scoring_system epss
scoring_elements 0.99274
published_at 2026-04-12T12:55:00Z
2
value 0.8334
scoring_system epss
scoring_elements 0.99273
published_at 2026-04-13T12:55:00Z
3
value 0.84021
scoring_system epss
scoring_elements 0.99304
published_at 2026-04-08T12:55:00Z
4
value 0.84021
scoring_system epss
scoring_elements 0.99306
published_at 2026-04-11T12:55:00Z
5
value 0.84021
scoring_system epss
scoring_elements 0.99298
published_at 2026-04-02T12:55:00Z
6
value 0.84021
scoring_system epss
scoring_elements 0.99301
published_at 2026-04-04T12:55:00Z
7
value 0.84021
scoring_system epss
scoring_elements 0.99305
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25864
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25864
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25864
3
reference_url https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368
4
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25864
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25864
6
reference_url https://security.gentoo.org/glsa/202208-09
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-09
7
reference_url https://www.hashicorp.com/blog/category/consul
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.hashicorp.com/blog/category/consul
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1950275
reference_id 1950275
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1950275
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987351
reference_id 987351
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987351
10
reference_url https://security.archlinux.org/AVG-1829
reference_id AVG-1829
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1829
fixed_packages
0
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2020-25864, GHSA-8xmx-h8rq-h94j
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ftvt-9nb3-xue3
8
url VCID-gkgb-5g8x-7fgf
vulnerability_id VCID-gkgb-5g8x-7fgf
summary
Denial of Service (DoS) in HashiCorp Consul
HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.

### Specific Go Packages Affected
github.com/hashicorp/consul/agent/consul
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7219.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7219.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7219
reference_id
reference_type
scores
0
value 0.01138
scoring_system epss
scoring_elements 0.78418
published_at 2026-04-21T12:55:00Z
1
value 0.01138
scoring_system epss
scoring_elements 0.78394
published_at 2026-04-09T12:55:00Z
2
value 0.01138
scoring_system epss
scoring_elements 0.7842
published_at 2026-04-11T12:55:00Z
3
value 0.01138
scoring_system epss
scoring_elements 0.78403
published_at 2026-04-12T12:55:00Z
4
value 0.01138
scoring_system epss
scoring_elements 0.78395
published_at 2026-04-13T12:55:00Z
5
value 0.01138
scoring_system epss
scoring_elements 0.78424
published_at 2026-04-16T12:55:00Z
6
value 0.01138
scoring_system epss
scoring_elements 0.78423
published_at 2026-04-18T12:55:00Z
7
value 0.01138
scoring_system epss
scoring_elements 0.78341
published_at 2026-04-01T12:55:00Z
8
value 0.01138
scoring_system epss
scoring_elements 0.78347
published_at 2026-04-02T12:55:00Z
9
value 0.01138
scoring_system epss
scoring_elements 0.78378
published_at 2026-04-04T12:55:00Z
10
value 0.01138
scoring_system epss
scoring_elements 0.78362
published_at 2026-04-07T12:55:00Z
11
value 0.01138
scoring_system epss
scoring_elements 0.78388
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7219
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7219
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7219
3
reference_url https://github.com/hashicorp/consul/issues/7159
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/issues/7159
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7219
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7219
5
reference_url https://www.hashicorp.com/blog/category/consul
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.hashicorp.com/blog/category/consul
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1805866
reference_id 1805866
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1805866
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950736
reference_id 950736
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950736
fixed_packages
0
url pkg:deb/debian/consul@1.7.0%2Bdfsg1-1?distro=bullseye
purl pkg:deb/debian/consul@1.7.0%2Bdfsg1-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.7.0%252Bdfsg1-1%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2020-7219, GHSA-23jv-v6qj-3fhh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gkgb-5g8x-7fgf
9
url VCID-gsqu-g2y4-a7ap
vulnerability_id VCID-gsqu-g2y4-a7ap
summary
Privilege Escalation in HashiCorp Consul
HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28053
reference_id
reference_type
scores
0
value 0.00257
scoring_system epss
scoring_elements 0.49077
published_at 2026-04-21T12:55:00Z
1
value 0.00257
scoring_system epss
scoring_elements 0.49004
published_at 2026-04-01T12:55:00Z
2
value 0.00257
scoring_system epss
scoring_elements 0.49039
published_at 2026-04-02T12:55:00Z
3
value 0.00257
scoring_system epss
scoring_elements 0.49068
published_at 2026-04-04T12:55:00Z
4
value 0.00257
scoring_system epss
scoring_elements 0.49021
published_at 2026-04-07T12:55:00Z
5
value 0.00257
scoring_system epss
scoring_elements 0.49075
published_at 2026-04-08T12:55:00Z
6
value 0.00257
scoring_system epss
scoring_elements 0.49071
published_at 2026-04-09T12:55:00Z
7
value 0.00257
scoring_system epss
scoring_elements 0.49088
published_at 2026-04-11T12:55:00Z
8
value 0.00257
scoring_system epss
scoring_elements 0.4906
published_at 2026-04-12T12:55:00Z
9
value 0.00257
scoring_system epss
scoring_elements 0.49067
published_at 2026-04-13T12:55:00Z
10
value 0.00257
scoring_system epss
scoring_elements 0.49112
published_at 2026-04-16T12:55:00Z
11
value 0.00257
scoring_system epss
scoring_elements 0.49109
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28053
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28053
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28053
2
reference_url https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020
3
reference_url https://github.com/hashicorp/consul/commit/ff5215d882ac51b49c2647aac46b42aa9c890ce3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/commit/ff5215d882ac51b49c2647aac46b42aa9c890ce3
4
reference_url https://github.com/hashicorp/consul/pull/9240
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/pull/9240
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-28053
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-28053
6
reference_url https://security.gentoo.org/glsa/202208-09
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-09
7
reference_url https://www.hashicorp.com/blog/category/consul
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.hashicorp.com/blog/category/consul
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975584
reference_id 975584
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975584
9
reference_url https://security.archlinux.org/AVG-1294
reference_id AVG-1294
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1294
fixed_packages
0
url pkg:deb/debian/consul@1.8.6%2Bdfsg1-1?distro=bullseye
purl pkg:deb/debian/consul@1.8.6%2Bdfsg1-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.6%252Bdfsg1-1%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2020-28053, GHSA-6m72-467w-94rh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gsqu-g2y4-a7ap
10
url VCID-jm2d-ejbf-qfhz
vulnerability_id VCID-jm2d-ejbf-qfhz
summary
Allocation of Resources Without Limits or Throttling in HashiCorp Consul
HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service.

### Specific Go Packages Affected
github.com/hashicorp/consul/agent/config

### Fix
The vulnerability is fixed in versions 1.6.6 and 1.7.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13250
reference_id
reference_type
scores
0
value 0.00867
scoring_system epss
scoring_elements 0.75186
published_at 2026-04-21T12:55:00Z
1
value 0.00867
scoring_system epss
scoring_elements 0.75109
published_at 2026-04-01T12:55:00Z
2
value 0.00867
scoring_system epss
scoring_elements 0.75112
published_at 2026-04-02T12:55:00Z
3
value 0.00867
scoring_system epss
scoring_elements 0.75142
published_at 2026-04-04T12:55:00Z
4
value 0.00867
scoring_system epss
scoring_elements 0.75119
published_at 2026-04-07T12:55:00Z
5
value 0.00867
scoring_system epss
scoring_elements 0.75153
published_at 2026-04-13T12:55:00Z
6
value 0.00867
scoring_system epss
scoring_elements 0.75165
published_at 2026-04-12T12:55:00Z
7
value 0.00867
scoring_system epss
scoring_elements 0.75187
published_at 2026-04-11T12:55:00Z
8
value 0.00867
scoring_system epss
scoring_elements 0.7519
published_at 2026-04-16T12:55:00Z
9
value 0.00867
scoring_system epss
scoring_elements 0.75197
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13250
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13250
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13250
2
reference_url https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
3
reference_url https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
4
reference_url https://github.com/hashicorp/consul/commit/72f92ae7ca4cabc1dc3069362a9b64ef46941432
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/commit/72f92ae7ca4cabc1dc3069362a9b64ef46941432
5
reference_url https://github.com/hashicorp/consul/pull/8023
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/pull/8023
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13250
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13250
fixed_packages
0
url pkg:deb/debian/consul@1.7.4%2Bdfsg1-1?distro=bullseye
purl pkg:deb/debian/consul@1.7.4%2Bdfsg1-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.7.4%252Bdfsg1-1%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2020-13250, GHSA-rqjq-mrgx-85hp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jm2d-ejbf-qfhz
11
url VCID-kf3v-xwjs-ube6
vulnerability_id VCID-kf3v-xwjs-ube6
summary
HashiCorp Consul Access Restriction Bypass
HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "<hidden>" as its secret is used in unusual circumstances.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-8336
reference_id
reference_type
scores
0
value 0.00362
scoring_system epss
scoring_elements 0.58276
published_at 2026-04-04T12:55:00Z
1
value 0.00362
scoring_system epss
scoring_elements 0.58297
published_at 2026-04-21T12:55:00Z
2
value 0.00362
scoring_system epss
scoring_elements 0.5832
published_at 2026-04-18T12:55:00Z
3
value 0.00362
scoring_system epss
scoring_elements 0.58317
published_at 2026-04-16T12:55:00Z
4
value 0.00362
scoring_system epss
scoring_elements 0.58285
published_at 2026-04-13T12:55:00Z
5
value 0.00362
scoring_system epss
scoring_elements 0.58305
published_at 2026-04-12T12:55:00Z
6
value 0.00362
scoring_system epss
scoring_elements 0.58328
published_at 2026-04-11T12:55:00Z
7
value 0.00362
scoring_system epss
scoring_elements 0.58255
published_at 2026-04-02T12:55:00Z
8
value 0.00362
scoring_system epss
scoring_elements 0.5831
published_at 2026-04-09T12:55:00Z
9
value 0.00362
scoring_system epss
scoring_elements 0.58304
published_at 2026-04-08T12:55:00Z
10
value 0.00362
scoring_system epss
scoring_elements 0.58169
published_at 2026-04-01T12:55:00Z
11
value 0.00362
scoring_system epss
scoring_elements 0.5825
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-8336
1
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
2
reference_url https://github.com/hashicorp/consul/blob/003370ded024096cd89fb2aa2bc15293c23b9707/agent/consul/leader.go#L405
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/003370ded024096cd89fb2aa2bc15293c23b9707/agent/consul/leader.go#L405
3
reference_url https://github.com/hashicorp/consul/commit/90040f8bffb311e6cd8599273e95b607175e311f
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/commit/90040f8bffb311e6cd8599273e95b607175e311f
4
reference_url https://github.com/hashicorp/consul/issues/5423
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/issues/5423
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-8336
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-8336
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*
reference_id cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
reference_id cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
fixed_packages
0
url pkg:deb/debian/consul@0?distro=bullseye
purl pkg:deb/debian/consul@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@0%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2019-8336, GHSA-fhm8-cxcv-pwvc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kf3v-xwjs-ube6
12
url VCID-mv9z-hxmr-skfp
vulnerability_id VCID-mv9z-hxmr-skfp
summary
Denial of service in HashiCorp Consul
HashiCorp Consul Enterprise versions 1.7.0 up to 1.7.8 and 1.8.0 up to 1.8.4 include a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25201
reference_id
reference_type
scores
0
value 0.01543
scoring_system epss
scoring_elements 0.81419
published_at 2026-04-21T12:55:00Z
1
value 0.01543
scoring_system epss
scoring_elements 0.81316
published_at 2026-04-01T12:55:00Z
2
value 0.01543
scoring_system epss
scoring_elements 0.81325
published_at 2026-04-02T12:55:00Z
3
value 0.01543
scoring_system epss
scoring_elements 0.81347
published_at 2026-04-04T12:55:00Z
4
value 0.01543
scoring_system epss
scoring_elements 0.81346
published_at 2026-04-07T12:55:00Z
5
value 0.01543
scoring_system epss
scoring_elements 0.81374
published_at 2026-04-08T12:55:00Z
6
value 0.01543
scoring_system epss
scoring_elements 0.81379
published_at 2026-04-09T12:55:00Z
7
value 0.01543
scoring_system epss
scoring_elements 0.81401
published_at 2026-04-11T12:55:00Z
8
value 0.01543
scoring_system epss
scoring_elements 0.81388
published_at 2026-04-12T12:55:00Z
9
value 0.01543
scoring_system epss
scoring_elements 0.8138
published_at 2026-04-13T12:55:00Z
10
value 0.01543
scoring_system epss
scoring_elements 0.81417
published_at 2026-04-16T12:55:00Z
11
value 0.01543
scoring_system epss
scoring_elements 0.81418
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25201
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25201
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25201
2
reference_url https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020
3
reference_url https://github.com/hashicorp/consul/pull/9024
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/pull/9024
4
reference_url https://github.com/hashicorp/consul/releases/tag/v1.8.5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/releases/tag/v1.8.5
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25201
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25201
6
reference_url https://security.gentoo.org/glsa/202208-09
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-09
7
reference_url https://www.hashicorp.com/blog/category/consul
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.hashicorp.com/blog/category/consul
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973892
reference_id 973892
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973892
9
reference_url https://security.archlinux.org/AVG-1295
reference_id AVG-1295
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1295
fixed_packages
0
url pkg:deb/debian/consul@1.8.6%2Bdfsg1-1?distro=bullseye
purl pkg:deb/debian/consul@1.8.6%2Bdfsg1-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.6%252Bdfsg1-1%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2020-25201, GHSA-496g-fr33-whrf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mv9z-hxmr-skfp
13
url VCID-pet2-hhx7-g7fc
vulnerability_id VCID-pet2-hhx7-g7fc
summary
HashiCorp Consul can use cleartext agent-to-agent RPC communication
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the `verify_outgoing` setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-19653
reference_id
reference_type
scores
0
value 0.00427
scoring_system epss
scoring_elements 0.6246
published_at 2026-04-21T12:55:00Z
1
value 0.00427
scoring_system epss
scoring_elements 0.62377
published_at 2026-04-02T12:55:00Z
2
value 0.00427
scoring_system epss
scoring_elements 0.62407
published_at 2026-04-04T12:55:00Z
3
value 0.00427
scoring_system epss
scoring_elements 0.62372
published_at 2026-04-07T12:55:00Z
4
value 0.00427
scoring_system epss
scoring_elements 0.62421
published_at 2026-04-08T12:55:00Z
5
value 0.00427
scoring_system epss
scoring_elements 0.62438
published_at 2026-04-09T12:55:00Z
6
value 0.00427
scoring_system epss
scoring_elements 0.62457
published_at 2026-04-11T12:55:00Z
7
value 0.00427
scoring_system epss
scoring_elements 0.62447
published_at 2026-04-12T12:55:00Z
8
value 0.00427
scoring_system epss
scoring_elements 0.62425
published_at 2026-04-13T12:55:00Z
9
value 0.00427
scoring_system epss
scoring_elements 0.62469
published_at 2026-04-16T12:55:00Z
10
value 0.00427
scoring_system epss
scoring_elements 0.62476
published_at 2026-04-18T12:55:00Z
11
value 0.00427
scoring_system epss
scoring_elements 0.62319
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-19653
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19653
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19653
2
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
3
reference_url https://github.com/hashicorp/consul/commit/b64e8b262f80397eab4f39c6ae7e14683cb9f55c
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/commit/b64e8b262f80397eab4f39c6ae7e14683cb9f55c
4
reference_url https://github.com/hashicorp/consul/pull/5069
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/pull/5069
5
reference_url https://groups.google.com/forum/#!topic/consul-tool/7TCw06oio0I
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/consul-tool/7TCw06oio0I
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-19653
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-19653
fixed_packages
0
url pkg:deb/debian/consul@1.4.4~dfsg1-1?distro=bullseye
purl pkg:deb/debian/consul@1.4.4~dfsg1-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.4.4~dfsg1-1%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2018-19653, GHSA-4qvx-qq5w-695p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pet2-hhx7-g7fc
14
url VCID-pqcu-293u-vbhp
vulnerability_id VCID-pqcu-293u-vbhp
summary
HashiCorp Consul allows users with service:write permissions to patch remote proxy instances
Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2816
reference_id
reference_type
scores
0
value 0.00161
scoring_system epss
scoring_elements 0.36985
published_at 2026-04-21T12:55:00Z
1
value 0.00161
scoring_system epss
scoring_elements 0.37055
published_at 2026-04-08T12:55:00Z
2
value 0.00161
scoring_system epss
scoring_elements 0.37068
published_at 2026-04-09T12:55:00Z
3
value 0.00161
scoring_system epss
scoring_elements 0.37077
published_at 2026-04-11T12:55:00Z
4
value 0.00161
scoring_system epss
scoring_elements 0.37043
published_at 2026-04-12T12:55:00Z
5
value 0.00161
scoring_system epss
scoring_elements 0.37016
published_at 2026-04-13T12:55:00Z
6
value 0.00161
scoring_system epss
scoring_elements 0.37061
published_at 2026-04-16T12:55:00Z
7
value 0.00161
scoring_system epss
scoring_elements 0.37044
published_at 2026-04-18T12:55:00Z
8
value 0.00161
scoring_system epss
scoring_elements 0.37142
published_at 2026-04-02T12:55:00Z
9
value 0.00161
scoring_system epss
scoring_elements 0.37174
published_at 2026-04-04T12:55:00Z
10
value 0.00161
scoring_system epss
scoring_elements 0.37004
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2816
1
reference_url https://discuss.hashicorp.com/t/hcsec-2023-16-consul-envoy-extension-downstream-proxy-configuration-by-upstream-service-owner/54525
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-07T20:11:32Z/
url https://discuss.hashicorp.com/t/hcsec-2023-16-consul-envoy-extension-downstream-proxy-configuration-by-upstream-service-owner/54525
2
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2816
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2816
4
reference_url https://security.gentoo.org/glsa/202412-14
reference_id GLSA-202412-14
reference_type
scores
url https://security.gentoo.org/glsa/202412-14
fixed_packages
0
url pkg:deb/debian/consul@0?distro=bullseye
purl pkg:deb/debian/consul@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@0%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2023-2816, GHSA-rqjq-ww83-wv5c
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pqcu-293u-vbhp
15
url VCID-r7p6-mxej-uqak
vulnerability_id VCID-r7p6-mxej-uqak
summary
Consul Server Panic when Ingress and API Gateways Configured with Peering Connections
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that an authenticated user with service:write permissions could trigger a workflow that causes Consul server and client agents to crash under certain circumstances. To exploit this vulnerability, an attacker requires access to an ACL token with service:write permissions, and there needs to be at least one running ingress or API gateway that is configured to route traffic to an upstream service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0845.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0845.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0845
reference_id
reference_type
scores
0
value 0.0039
scoring_system epss
scoring_elements 0.60112
published_at 2026-04-18T12:55:00Z
1
value 0.0039
scoring_system epss
scoring_elements 0.60106
published_at 2026-04-16T12:55:00Z
2
value 0.0039
scoring_system epss
scoring_elements 0.60067
published_at 2026-04-13T12:55:00Z
3
value 0.0039
scoring_system epss
scoring_elements 0.60084
published_at 2026-04-12T12:55:00Z
4
value 0.0039
scoring_system epss
scoring_elements 0.60099
published_at 2026-04-21T12:55:00Z
5
value 0.0039
scoring_system epss
scoring_elements 0.60078
published_at 2026-04-09T12:55:00Z
6
value 0.0039
scoring_system epss
scoring_elements 0.60019
published_at 2026-04-02T12:55:00Z
7
value 0.0039
scoring_system epss
scoring_elements 0.60064
published_at 2026-04-08T12:55:00Z
8
value 0.0039
scoring_system epss
scoring_elements 0.60044
published_at 2026-04-04T12:55:00Z
9
value 0.0039
scoring_system epss
scoring_elements 0.60014
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0845
2
reference_url https://discuss.hashicorp.com/t/hcsec-2023-06-consul-server-panic-when-ingress-and-api-gateways-configured-with-peering-connections/51197
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T16:24:00Z/
url https://discuss.hashicorp.com/t/hcsec-2023-06-consul-server-panic-when-ingress-and-api-gateways-configured-with-peering-connections/51197
3
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0845
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0845
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2177595
reference_id 2177595
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2177595
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
reference_id LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T16:24:00Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
reference_id XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T16:24:00Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
reference_id ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T16:24:00Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
fixed_packages
0
url pkg:deb/debian/consul@0?distro=bullseye
purl pkg:deb/debian/consul@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@0%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2023-0845, GHSA-wj6x-hcc2-f32j
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r7p6-mxej-uqak
16
url VCID-tfrv-ak5x-5qg7
vulnerability_id VCID-tfrv-ak5x-5qg7
summary Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28156.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28156.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28156
reference_id
reference_type
scores
0
value 0.00453
scoring_system epss
scoring_elements 0.63813
published_at 2026-04-21T12:55:00Z
1
value 0.00453
scoring_system epss
scoring_elements 0.63781
published_at 2026-04-13T12:55:00Z
2
value 0.00453
scoring_system epss
scoring_elements 0.63816
published_at 2026-04-16T12:55:00Z
3
value 0.00453
scoring_system epss
scoring_elements 0.63826
published_at 2026-04-18T12:55:00Z
4
value 0.00453
scoring_system epss
scoring_elements 0.63789
published_at 2026-04-04T12:55:00Z
5
value 0.00453
scoring_system epss
scoring_elements 0.63746
published_at 2026-04-07T12:55:00Z
6
value 0.00453
scoring_system epss
scoring_elements 0.63798
published_at 2026-04-08T12:55:00Z
7
value 0.00453
scoring_system epss
scoring_elements 0.63815
published_at 2026-04-09T12:55:00Z
8
value 0.00453
scoring_system epss
scoring_elements 0.63828
published_at 2026-04-11T12:55:00Z
9
value 0.00453
scoring_system epss
scoring_elements 0.63814
published_at 2026-04-12T12:55:00Z
10
value 0.01279
scoring_system epss
scoring_elements 0.79527
published_at 2026-04-02T12:55:00Z
11
value 0.01279
scoring_system epss
scoring_elements 0.7952
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28156
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1950492
reference_id 1950492
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1950492
3
reference_url https://security.archlinux.org/AVG-1830
reference_id AVG-1830
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1830
fixed_packages
0
url pkg:deb/debian/consul@0?distro=bullseye
purl pkg:deb/debian/consul@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@0%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2021-28156
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tfrv-ak5x-5qg7
17
url VCID-th2f-96u1-syhg
vulnerability_id VCID-th2f-96u1-syhg
summary
Incorrect Permission Assignment for Critical Resource in HashiCorp Consul
HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.
### Specific Go Packages Affected
github.com/hashicorp/consul/agent/structs
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12797
reference_id
reference_type
scores
0
value 0.00407
scoring_system epss
scoring_elements 0.61173
published_at 2026-04-21T12:55:00Z
1
value 0.00407
scoring_system epss
scoring_elements 0.61023
published_at 2026-04-01T12:55:00Z
2
value 0.00407
scoring_system epss
scoring_elements 0.61101
published_at 2026-04-02T12:55:00Z
3
value 0.00407
scoring_system epss
scoring_elements 0.61129
published_at 2026-04-04T12:55:00Z
4
value 0.00407
scoring_system epss
scoring_elements 0.61095
published_at 2026-04-07T12:55:00Z
5
value 0.00407
scoring_system epss
scoring_elements 0.61143
published_at 2026-04-08T12:55:00Z
6
value 0.00407
scoring_system epss
scoring_elements 0.61158
published_at 2026-04-09T12:55:00Z
7
value 0.00407
scoring_system epss
scoring_elements 0.61178
published_at 2026-04-11T12:55:00Z
8
value 0.00407
scoring_system epss
scoring_elements 0.61165
published_at 2026-04-12T12:55:00Z
9
value 0.00407
scoring_system epss
scoring_elements 0.61146
published_at 2026-04-13T12:55:00Z
10
value 0.00407
scoring_system epss
scoring_elements 0.61186
published_at 2026-04-16T12:55:00Z
11
value 0.00407
scoring_system epss
scoring_elements 0.61192
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12797
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12797
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12797
2
reference_url https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md
3
reference_url https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
4
reference_url https://github.com/hashicorp/consul/commit/98eea08d3ba1b220a14cf6eedf3b6b07ae2795d7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/commit/98eea08d3ba1b220a14cf6eedf3b6b07ae2795d7
5
reference_url https://github.com/hashicorp/consul/issues/5606
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/issues/5606
6
reference_url https://github.com/hashicorp/consul/pull/8047
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/pull/8047
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12797
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12797
fixed_packages
0
url pkg:deb/debian/consul@1.7.4%2Bdfsg1-1?distro=bullseye
purl pkg:deb/debian/consul@1.7.4%2Bdfsg1-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.7.4%252Bdfsg1-1%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2020-12797, GHSA-hwqm-x785-qh8p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-th2f-96u1-syhg
18
url VCID-tn8b-w652-1ydg
vulnerability_id VCID-tn8b-w652-1ydg
summary
HashiCorp Consul vulnerable to denial of service
Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with a service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5 and 1.15.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1297
reference_id
reference_type
scores
0
value 0.00243
scoring_system epss
scoring_elements 0.47528
published_at 2026-04-21T12:55:00Z
1
value 0.00243
scoring_system epss
scoring_elements 0.47468
published_at 2026-04-07T12:55:00Z
2
value 0.00243
scoring_system epss
scoring_elements 0.47522
published_at 2026-04-08T12:55:00Z
3
value 0.00243
scoring_system epss
scoring_elements 0.47542
published_at 2026-04-11T12:55:00Z
4
value 0.00243
scoring_system epss
scoring_elements 0.47518
published_at 2026-04-12T12:55:00Z
5
value 0.00243
scoring_system epss
scoring_elements 0.47526
published_at 2026-04-13T12:55:00Z
6
value 0.00243
scoring_system epss
scoring_elements 0.47584
published_at 2026-04-16T12:55:00Z
7
value 0.00243
scoring_system epss
scoring_elements 0.47577
published_at 2026-04-18T12:55:00Z
8
value 0.00243
scoring_system epss
scoring_elements 0.47498
published_at 2026-04-02T12:55:00Z
9
value 0.00243
scoring_system epss
scoring_elements 0.47519
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1297
1
reference_url https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T17:50:24Z/
url https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515
2
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1297
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1297
4
reference_url https://security.gentoo.org/glsa/202412-14
reference_id GLSA-202412-14
reference_type
scores
url https://security.gentoo.org/glsa/202412-14
fixed_packages
0
url pkg:deb/debian/consul@0?distro=bullseye
purl pkg:deb/debian/consul@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@0%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2023-1297, GHSA-c57c-7hrj-6q6v
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tn8b-w652-1ydg
19
url VCID-uxvb-etj2-zud6
vulnerability_id VCID-uxvb-etj2-zud6
summary HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41805
reference_id
reference_type
scores
0
value 0.04449
scoring_system epss
scoring_elements 0.89072
published_at 2026-04-21T12:55:00Z
1
value 0.04449
scoring_system epss
scoring_elements 0.89008
published_at 2026-04-01T12:55:00Z
2
value 0.04449
scoring_system epss
scoring_elements 0.89016
published_at 2026-04-02T12:55:00Z
3
value 0.04449
scoring_system epss
scoring_elements 0.89031
published_at 2026-04-04T12:55:00Z
4
value 0.04449
scoring_system epss
scoring_elements 0.89033
published_at 2026-04-07T12:55:00Z
5
value 0.04449
scoring_system epss
scoring_elements 0.89051
published_at 2026-04-08T12:55:00Z
6
value 0.04449
scoring_system epss
scoring_elements 0.89056
published_at 2026-04-09T12:55:00Z
7
value 0.04449
scoring_system epss
scoring_elements 0.89068
published_at 2026-04-11T12:55:00Z
8
value 0.04449
scoring_system epss
scoring_elements 0.89064
published_at 2026-04-12T12:55:00Z
9
value 0.04449
scoring_system epss
scoring_elements 0.89062
published_at 2026-04-13T12:55:00Z
10
value 0.04449
scoring_system epss
scoring_elements 0.89076
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41805
1
reference_url https://security.archlinux.org/AVG-2594
reference_id AVG-2594
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2594
fixed_packages
0
url pkg:deb/debian/consul@0?distro=bullseye
purl pkg:deb/debian/consul@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@0%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2021-41805
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uxvb-etj2-zud6
20
url VCID-xzyq-wm1j-dkcu
vulnerability_id VCID-xzyq-wm1j-dkcu
summary
Incorrect Authorization in HashiCorp Consul
HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7955.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7955.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7955
reference_id
reference_type
scores
0
value 0.00332
scoring_system epss
scoring_elements 0.56087
published_at 2026-04-21T12:55:00Z
1
value 0.00332
scoring_system epss
scoring_elements 0.56108
published_at 2026-04-09T12:55:00Z
2
value 0.00332
scoring_system epss
scoring_elements 0.56119
published_at 2026-04-11T12:55:00Z
3
value 0.00332
scoring_system epss
scoring_elements 0.56096
published_at 2026-04-12T12:55:00Z
4
value 0.00332
scoring_system epss
scoring_elements 0.56079
published_at 2026-04-13T12:55:00Z
5
value 0.00332
scoring_system epss
scoring_elements 0.56114
published_at 2026-04-16T12:55:00Z
6
value 0.00332
scoring_system epss
scoring_elements 0.56116
published_at 2026-04-18T12:55:00Z
7
value 0.00332
scoring_system epss
scoring_elements 0.55942
published_at 2026-04-01T12:55:00Z
8
value 0.00332
scoring_system epss
scoring_elements 0.56053
published_at 2026-04-02T12:55:00Z
9
value 0.00332
scoring_system epss
scoring_elements 0.56074
published_at 2026-04-04T12:55:00Z
10
value 0.00332
scoring_system epss
scoring_elements 0.56052
published_at 2026-04-07T12:55:00Z
11
value 0.00332
scoring_system epss
scoring_elements 0.56104
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7955
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7955
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7955
3
reference_url https://github.com/hashicorp/consul/issues/7160
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/issues/7160
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7955
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7955
5
reference_url https://www.hashicorp.com/blog/category/consul
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.hashicorp.com/blog/category/consul
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1805875
reference_id 1805875
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1805875
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950736
reference_id 950736
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950736
fixed_packages
0
url pkg:deb/debian/consul@1.7.0%2Bdfsg1-1?distro=bullseye
purl pkg:deb/debian/consul@1.7.0%2Bdfsg1-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.7.0%252Bdfsg1-1%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2020-7955, GHSA-r9w6-rhh9-7v53
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xzyq-wm1j-dkcu
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye