Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/consul@0?distro=bullseye
Type deb
Namespace debian
Name consul
Version 0
Qualifiers
distro bullseye
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1.4.4~dfsg1-1
Latest_non_vulnerable_version 1.8.7+dfsg1-2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-4rvd-1dka-vufc
vulnerability_id VCID-4rvd-1dka-vufc
summary
Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers
A vulnerability was identified in Consul such that using JWT authentication for service mesh incorrectly allows/denies access regardless of service identities. This vulnerability, CVE-2023-3518, affects Consul 1.16.0 and was fixed in 1.16.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3518
reference_id
reference_type
scores
0
value 0.00167
scoring_system epss
scoring_elements 0.37742
published_at 2026-04-21T12:55:00Z
1
value 0.00167
scoring_system epss
scoring_elements 0.37808
published_at 2026-04-08T12:55:00Z
2
value 0.00167
scoring_system epss
scoring_elements 0.3782
published_at 2026-04-09T12:55:00Z
3
value 0.00167
scoring_system epss
scoring_elements 0.37835
published_at 2026-04-11T12:55:00Z
4
value 0.00167
scoring_system epss
scoring_elements 0.37799
published_at 2026-04-12T12:55:00Z
5
value 0.00167
scoring_system epss
scoring_elements 0.37774
published_at 2026-04-13T12:55:00Z
6
value 0.00167
scoring_system epss
scoring_elements 0.37822
published_at 2026-04-16T12:55:00Z
7
value 0.00167
scoring_system epss
scoring_elements 0.37802
published_at 2026-04-18T12:55:00Z
8
value 0.00167
scoring_system epss
scoring_elements 0.37854
published_at 2026-04-02T12:55:00Z
9
value 0.00167
scoring_system epss
scoring_elements 0.37879
published_at 2026-04-04T12:55:00Z
10
value 0.00167
scoring_system epss
scoring_elements 0.37757
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3518
1
reference_url https://discuss.hashicorp.com/t/hcsec-2023-25-consul-jwt-auth-in-l7-intentions-allow-for-mismatched-service-identity-and-jwt-providers/57004
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:42:29Z/
url https://discuss.hashicorp.com/t/hcsec-2023-25-consul-jwt-auth-in-l7-intentions-allow-for-mismatched-service-identity-and-jwt-providers/57004
2
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3518
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-3518
fixed_packages
0
url pkg:deb/debian/consul@0?distro=bullseye
purl pkg:deb/debian/consul@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@0%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2023-3518, GHSA-9rhf-q362-77mx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4rvd-1dka-vufc
1
url VCID-65ru-yj23-qqbr
vulnerability_id VCID-65ru-yj23-qqbr
summary
HashiCorp Consul L7 deny intention results in an allow action
In HashiCorp Consul before 1.10.1 (and Consul Enterprise), xds can generate a situation where a single L7 deny intention (with a default deny policy) results in an allow action.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-36213
reference_id
reference_type
scores
0
value 0.00765
scoring_system epss
scoring_elements 0.73478
published_at 2026-04-21T12:55:00Z
1
value 0.00765
scoring_system epss
scoring_elements 0.73383
published_at 2026-04-01T12:55:00Z
2
value 0.00765
scoring_system epss
scoring_elements 0.73392
published_at 2026-04-02T12:55:00Z
3
value 0.00765
scoring_system epss
scoring_elements 0.73414
published_at 2026-04-04T12:55:00Z
4
value 0.00765
scoring_system epss
scoring_elements 0.73387
published_at 2026-04-07T12:55:00Z
5
value 0.00765
scoring_system epss
scoring_elements 0.73424
published_at 2026-04-08T12:55:00Z
6
value 0.00765
scoring_system epss
scoring_elements 0.73437
published_at 2026-04-09T12:55:00Z
7
value 0.00765
scoring_system epss
scoring_elements 0.73461
published_at 2026-04-11T12:55:00Z
8
value 0.00765
scoring_system epss
scoring_elements 0.7344
published_at 2026-04-12T12:55:00Z
9
value 0.00765
scoring_system epss
scoring_elements 0.73433
published_at 2026-04-13T12:55:00Z
10
value 0.00765
scoring_system epss
scoring_elements 0.73475
published_at 2026-04-16T12:55:00Z
11
value 0.00765
scoring_system epss
scoring_elements 0.73484
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-36213
1
reference_url https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855
2
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
3
reference_url https://github.com/hashicorp/consul/releases/tag/v1.10.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/releases/tag/v1.10.1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-36213
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-36213
5
reference_url https://security.gentoo.org/glsa/202208-09
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-09
6
reference_url https://www.hashicorp.com/blog/category/consul
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.hashicorp.com/blog/category/consul
7
reference_url https://security.archlinux.org/ASA-202107-69
reference_id ASA-202107-69
reference_type
scores
url https://security.archlinux.org/ASA-202107-69
8
reference_url https://security.archlinux.org/AVG-2171
reference_id AVG-2171
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2171
fixed_packages
0
url pkg:deb/debian/consul@0?distro=bullseye
purl pkg:deb/debian/consul@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@0%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2021-36213, GHSA-8h2g-r292-j8xh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65ru-yj23-qqbr
2
url VCID-a6jm-xxdn-h3f3
vulnerability_id VCID-a6jm-xxdn-h3f3
summary
HashiCorp Consul vulnerable to Origin Validation Error
HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if `verify_server_hostname` were set to false, even when it is actually set to true. This is fixed in 1.4.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-9764
reference_id
reference_type
scores
0
value 0.00183
scoring_system epss
scoring_elements 0.3996
published_at 2026-04-21T12:55:00Z
1
value 0.00183
scoring_system epss
scoring_elements 0.40047
published_at 2026-04-02T12:55:00Z
2
value 0.00183
scoring_system epss
scoring_elements 0.40074
published_at 2026-04-04T12:55:00Z
3
value 0.00183
scoring_system epss
scoring_elements 0.39995
published_at 2026-04-07T12:55:00Z
4
value 0.00183
scoring_system epss
scoring_elements 0.40049
published_at 2026-04-08T12:55:00Z
5
value 0.00183
scoring_system epss
scoring_elements 0.40063
published_at 2026-04-09T12:55:00Z
6
value 0.00183
scoring_system epss
scoring_elements 0.40073
published_at 2026-04-11T12:55:00Z
7
value 0.00183
scoring_system epss
scoring_elements 0.40036
published_at 2026-04-12T12:55:00Z
8
value 0.00183
scoring_system epss
scoring_elements 0.40017
published_at 2026-04-13T12:55:00Z
9
value 0.00183
scoring_system epss
scoring_elements 0.40067
published_at 2026-04-16T12:55:00Z
10
value 0.00183
scoring_system epss
scoring_elements 0.40038
published_at 2026-04-18T12:55:00Z
11
value 0.00183
scoring_system epss
scoring_elements 0.399
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-9764
1
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
2
reference_url https://github.com/hashicorp/consul/commit/7e11dd82aa8dae505b7307adcb68c9d3194b3b40
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/commit/7e11dd82aa8dae505b7307adcb68c9d3194b3b40
3
reference_url https://github.com/hashicorp/consul/issues/5519
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/issues/5519
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-9764
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:N
1
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-9764
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hashicorp:consul:1.4.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:hashicorp:consul:1.4.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hashicorp:consul:1.4.3:*:*:*:*:*:*:*
fixed_packages
0
url pkg:deb/debian/consul@0?distro=bullseye
purl pkg:deb/debian/consul@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@0%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2019-9764, GHSA-q7fx-wm2p-qfj8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a6jm-xxdn-h3f3
3
url VCID-e8wd-mxwb-rqdj
vulnerability_id VCID-e8wd-mxwb-rqdj
summary
Missing Authorization in HashiCorp Consul
HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster peering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3920.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3920.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3920
reference_id
reference_type
scores
0
value 0.00426
scoring_system epss
scoring_elements 0.6229
published_at 2026-04-21T12:55:00Z
1
value 0.00426
scoring_system epss
scoring_elements 0.62199
published_at 2026-04-07T12:55:00Z
2
value 0.00426
scoring_system epss
scoring_elements 0.62249
published_at 2026-04-08T12:55:00Z
3
value 0.00426
scoring_system epss
scoring_elements 0.62267
published_at 2026-04-09T12:55:00Z
4
value 0.00426
scoring_system epss
scoring_elements 0.62285
published_at 2026-04-11T12:55:00Z
5
value 0.00426
scoring_system epss
scoring_elements 0.62274
published_at 2026-04-12T12:55:00Z
6
value 0.00426
scoring_system epss
scoring_elements 0.62253
published_at 2026-04-13T12:55:00Z
7
value 0.00426
scoring_system epss
scoring_elements 0.62298
published_at 2026-04-16T12:55:00Z
8
value 0.00426
scoring_system epss
scoring_elements 0.62305
published_at 2026-04-18T12:55:00Z
9
value 0.00426
scoring_system epss
scoring_elements 0.62202
published_at 2026-04-02T12:55:00Z
10
value 0.00426
scoring_system epss
scoring_elements 0.62233
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3920
2
reference_url https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T20:01:41Z/
url https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946
3
reference_url https://github.com/hashicorp/consul/commit/706866fa0016b0aa302679f9c648859050d19b2e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/commit/706866fa0016b0aa302679f9c648859050d19b2e
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3920
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3920
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2148169
reference_id 2148169
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2148169
fixed_packages
0
url pkg:deb/debian/consul@0?distro=bullseye
purl pkg:deb/debian/consul@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@0%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2022-3920, GHSA-gw2g-hhc9-wgjh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e8wd-mxwb-rqdj
4
url VCID-kf3v-xwjs-ube6
vulnerability_id VCID-kf3v-xwjs-ube6
summary
HashiCorp Consul Access Restriction Bypass
HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "<hidden>" as its secret is used in unusual circumstances.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-8336
reference_id
reference_type
scores
0
value 0.00362
scoring_system epss
scoring_elements 0.58276
published_at 2026-04-04T12:55:00Z
1
value 0.00362
scoring_system epss
scoring_elements 0.58297
published_at 2026-04-21T12:55:00Z
2
value 0.00362
scoring_system epss
scoring_elements 0.5832
published_at 2026-04-18T12:55:00Z
3
value 0.00362
scoring_system epss
scoring_elements 0.58317
published_at 2026-04-16T12:55:00Z
4
value 0.00362
scoring_system epss
scoring_elements 0.58285
published_at 2026-04-13T12:55:00Z
5
value 0.00362
scoring_system epss
scoring_elements 0.58305
published_at 2026-04-12T12:55:00Z
6
value 0.00362
scoring_system epss
scoring_elements 0.58328
published_at 2026-04-11T12:55:00Z
7
value 0.00362
scoring_system epss
scoring_elements 0.58255
published_at 2026-04-02T12:55:00Z
8
value 0.00362
scoring_system epss
scoring_elements 0.5831
published_at 2026-04-09T12:55:00Z
9
value 0.00362
scoring_system epss
scoring_elements 0.58304
published_at 2026-04-08T12:55:00Z
10
value 0.00362
scoring_system epss
scoring_elements 0.58169
published_at 2026-04-01T12:55:00Z
11
value 0.00362
scoring_system epss
scoring_elements 0.5825
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-8336
1
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
2
reference_url https://github.com/hashicorp/consul/blob/003370ded024096cd89fb2aa2bc15293c23b9707/agent/consul/leader.go#L405
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/blob/003370ded024096cd89fb2aa2bc15293c23b9707/agent/consul/leader.go#L405
3
reference_url https://github.com/hashicorp/consul/commit/90040f8bffb311e6cd8599273e95b607175e311f
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/commit/90040f8bffb311e6cd8599273e95b607175e311f
4
reference_url https://github.com/hashicorp/consul/issues/5423
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul/issues/5423
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-8336
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-8336
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*
reference_id cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
reference_id cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
fixed_packages
0
url pkg:deb/debian/consul@0?distro=bullseye
purl pkg:deb/debian/consul@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@0%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2019-8336, GHSA-fhm8-cxcv-pwvc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kf3v-xwjs-ube6
5
url VCID-pqcu-293u-vbhp
vulnerability_id VCID-pqcu-293u-vbhp
summary
HashiCorp Consul allows user with service:write permissions to patch remote proxy instances
Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2816
reference_id
reference_type
scores
0
value 0.00161
scoring_system epss
scoring_elements 0.36985
published_at 2026-04-21T12:55:00Z
1
value 0.00161
scoring_system epss
scoring_elements 0.37055
published_at 2026-04-08T12:55:00Z
2
value 0.00161
scoring_system epss
scoring_elements 0.37068
published_at 2026-04-09T12:55:00Z
3
value 0.00161
scoring_system epss
scoring_elements 0.37077
published_at 2026-04-11T12:55:00Z
4
value 0.00161
scoring_system epss
scoring_elements 0.37043
published_at 2026-04-12T12:55:00Z
5
value 0.00161
scoring_system epss
scoring_elements 0.37016
published_at 2026-04-13T12:55:00Z
6
value 0.00161
scoring_system epss
scoring_elements 0.37061
published_at 2026-04-16T12:55:00Z
7
value 0.00161
scoring_system epss
scoring_elements 0.37044
published_at 2026-04-18T12:55:00Z
8
value 0.00161
scoring_system epss
scoring_elements 0.37142
published_at 2026-04-02T12:55:00Z
9
value 0.00161
scoring_system epss
scoring_elements 0.37174
published_at 2026-04-04T12:55:00Z
10
value 0.00161
scoring_system epss
scoring_elements 0.37004
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2816
1
reference_url https://discuss.hashicorp.com/t/hcsec-2023-16-consul-envoy-extension-downstream-proxy-configuration-by-upstream-service-owner/54525
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-07T20:11:32Z/
url https://discuss.hashicorp.com/t/hcsec-2023-16-consul-envoy-extension-downstream-proxy-configuration-by-upstream-service-owner/54525
2
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2816
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2816
4
reference_url https://security.gentoo.org/glsa/202412-14
reference_id GLSA-202412-14
reference_type
scores
url https://security.gentoo.org/glsa/202412-14
fixed_packages
0
url pkg:deb/debian/consul@0?distro=bullseye
purl pkg:deb/debian/consul@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@0%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2023-2816, GHSA-rqjq-ww83-wv5c
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pqcu-293u-vbhp
6
url VCID-r7p6-mxej-uqak
vulnerability_id VCID-r7p6-mxej-uqak
summary
Consul Server Panic when Ingress and API Gateways Configured with Peering Connections
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) in which an authenticated user with service:write permissions could trigger a workflow that causes Consul server and client agents to crash under certain circumstances. To exploit this vulnerability, an attacker requires access to an ACL token with service:write permissions, and there needs to be at least one running ingress or API gateway that is configured to route traffic to an upstream service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0845.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0845.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0845
reference_id
reference_type
scores
0
value 0.0039
scoring_system epss
scoring_elements 0.60112
published_at 2026-04-18T12:55:00Z
1
value 0.0039
scoring_system epss
scoring_elements 0.60106
published_at 2026-04-16T12:55:00Z
2
value 0.0039
scoring_system epss
scoring_elements 0.60067
published_at 2026-04-13T12:55:00Z
3
value 0.0039
scoring_system epss
scoring_elements 0.60084
published_at 2026-04-12T12:55:00Z
4
value 0.0039
scoring_system epss
scoring_elements 0.60099
published_at 2026-04-21T12:55:00Z
5
value 0.0039
scoring_system epss
scoring_elements 0.60078
published_at 2026-04-09T12:55:00Z
6
value 0.0039
scoring_system epss
scoring_elements 0.60019
published_at 2026-04-02T12:55:00Z
7
value 0.0039
scoring_system epss
scoring_elements 0.60064
published_at 2026-04-08T12:55:00Z
8
value 0.0039
scoring_system epss
scoring_elements 0.60044
published_at 2026-04-04T12:55:00Z
9
value 0.0039
scoring_system epss
scoring_elements 0.60014
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0845
2
reference_url https://discuss.hashicorp.com/t/hcsec-2023-06-consul-server-panic-when-ingress-and-api-gateways-configured-with-peering-connections/51197
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T16:24:00Z/
url https://discuss.hashicorp.com/t/hcsec-2023-06-consul-server-panic-when-ingress-and-api-gateways-configured-with-peering-connections/51197
3
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0845
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0845
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2177595
reference_id 2177595
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2177595
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
reference_id LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T16:24:00Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
reference_id XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T16:24:00Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
reference_id ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-28T16:24:00Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
fixed_packages
0
url pkg:deb/debian/consul@0?distro=bullseye
purl pkg:deb/debian/consul@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@0%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2023-0845, GHSA-wj6x-hcc2-f32j
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r7p6-mxej-uqak
7
url VCID-tfrv-ak5x-5qg7
vulnerability_id VCID-tfrv-ak5x-5qg7
summary Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28156.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28156.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28156
reference_id
reference_type
scores
0
value 0.00453
scoring_system epss
scoring_elements 0.63813
published_at 2026-04-21T12:55:00Z
1
value 0.00453
scoring_system epss
scoring_elements 0.63781
published_at 2026-04-13T12:55:00Z
2
value 0.00453
scoring_system epss
scoring_elements 0.63816
published_at 2026-04-16T12:55:00Z
3
value 0.00453
scoring_system epss
scoring_elements 0.63826
published_at 2026-04-18T12:55:00Z
4
value 0.00453
scoring_system epss
scoring_elements 0.63789
published_at 2026-04-04T12:55:00Z
5
value 0.00453
scoring_system epss
scoring_elements 0.63746
published_at 2026-04-07T12:55:00Z
6
value 0.00453
scoring_system epss
scoring_elements 0.63798
published_at 2026-04-08T12:55:00Z
7
value 0.00453
scoring_system epss
scoring_elements 0.63815
published_at 2026-04-09T12:55:00Z
8
value 0.00453
scoring_system epss
scoring_elements 0.63828
published_at 2026-04-11T12:55:00Z
9
value 0.00453
scoring_system epss
scoring_elements 0.63814
published_at 2026-04-12T12:55:00Z
10
value 0.01279
scoring_system epss
scoring_elements 0.79527
published_at 2026-04-02T12:55:00Z
11
value 0.01279
scoring_system epss
scoring_elements 0.7952
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28156
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1950492
reference_id 1950492
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1950492
3
reference_url https://security.archlinux.org/AVG-1830
reference_id AVG-1830
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1830
fixed_packages
0
url pkg:deb/debian/consul@0?distro=bullseye
purl pkg:deb/debian/consul@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@0%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2021-28156
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tfrv-ak5x-5qg7
8
url VCID-tn8b-w652-1ydg
vulnerability_id VCID-tn8b-w652-1ydg
summary
HashiCorp Consul vulnerable to denial of service
Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with a service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5 and 1.15.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1297
reference_id
reference_type
scores
0
value 0.00243
scoring_system epss
scoring_elements 0.47528
published_at 2026-04-21T12:55:00Z
1
value 0.00243
scoring_system epss
scoring_elements 0.47468
published_at 2026-04-07T12:55:00Z
2
value 0.00243
scoring_system epss
scoring_elements 0.47522
published_at 2026-04-08T12:55:00Z
3
value 0.00243
scoring_system epss
scoring_elements 0.47542
published_at 2026-04-11T12:55:00Z
4
value 0.00243
scoring_system epss
scoring_elements 0.47518
published_at 2026-04-12T12:55:00Z
5
value 0.00243
scoring_system epss
scoring_elements 0.47526
published_at 2026-04-13T12:55:00Z
6
value 0.00243
scoring_system epss
scoring_elements 0.47584
published_at 2026-04-16T12:55:00Z
7
value 0.00243
scoring_system epss
scoring_elements 0.47577
published_at 2026-04-18T12:55:00Z
8
value 0.00243
scoring_system epss
scoring_elements 0.47498
published_at 2026-04-02T12:55:00Z
9
value 0.00243
scoring_system epss
scoring_elements 0.47519
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1297
1
reference_url https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T17:50:24Z/
url https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515
2
reference_url https://github.com/hashicorp/consul
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/hashicorp/consul
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1297
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1297
4
reference_url https://security.gentoo.org/glsa/202412-14
reference_id GLSA-202412-14
reference_type
scores
url https://security.gentoo.org/glsa/202412-14
fixed_packages
0
url pkg:deb/debian/consul@0?distro=bullseye
purl pkg:deb/debian/consul@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@0%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2023-1297, GHSA-c57c-7hrj-6q6v
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tn8b-w652-1ydg
9
url VCID-uxvb-etj2-zud6
vulnerability_id VCID-uxvb-etj2-zud6
summary HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41805
reference_id
reference_type
scores
0
value 0.04449
scoring_system epss
scoring_elements 0.89072
published_at 2026-04-21T12:55:00Z
1
value 0.04449
scoring_system epss
scoring_elements 0.89008
published_at 2026-04-01T12:55:00Z
2
value 0.04449
scoring_system epss
scoring_elements 0.89016
published_at 2026-04-02T12:55:00Z
3
value 0.04449
scoring_system epss
scoring_elements 0.89031
published_at 2026-04-04T12:55:00Z
4
value 0.04449
scoring_system epss
scoring_elements 0.89033
published_at 2026-04-07T12:55:00Z
5
value 0.04449
scoring_system epss
scoring_elements 0.89051
published_at 2026-04-08T12:55:00Z
6
value 0.04449
scoring_system epss
scoring_elements 0.89056
published_at 2026-04-09T12:55:00Z
7
value 0.04449
scoring_system epss
scoring_elements 0.89068
published_at 2026-04-11T12:55:00Z
8
value 0.04449
scoring_system epss
scoring_elements 0.89064
published_at 2026-04-12T12:55:00Z
9
value 0.04449
scoring_system epss
scoring_elements 0.89062
published_at 2026-04-13T12:55:00Z
10
value 0.04449
scoring_system epss
scoring_elements 0.89076
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41805
1
reference_url https://security.archlinux.org/AVG-2594
reference_id AVG-2594
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2594
fixed_packages
0
url pkg:deb/debian/consul@0?distro=bullseye
purl pkg:deb/debian/consul@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@0%3Fdistro=bullseye
1
url pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
purl pkg:deb/debian/consul@1.8.7%2Bdfsg1-2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@1.8.7%252Bdfsg1-2%3Fdistro=bullseye
aliases CVE-2021-41805
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uxvb-etj2-zud6
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/consul@0%3Fdistro=bullseye