Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/consul@1.0.7~dfsg1-5
purl pkg:deb/debian/consul@1.0.7~dfsg1-5
Next non-vulnerable version 1.8.7+dfsg1-2
Latest non-vulnerable version 1.8.7+dfsg1-2
Risk 10.0
Vulnerabilities affecting this package (11)
Vulnerability Summary Fixed by
VCID-2dmf-rj8w-xycm
Aliases:
CVE-2020-12758
GHSA-q2qr-3c2p-9235
Denial of Service (DoS) in HashiCorp Consul HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4. ### Specific Go Packages Affected github.com/hashicorp/consul/agent/consul/discoverychain
1.8.7+dfsg1-2
Affected by 0 other vulnerabilities.
VCID-467g-8bds-t3ef
Aliases:
CVE-2019-12291
GHSA-h65h-v7fw-4p38
HashiCorp Consul Incorrect Access Control vulnerability HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured. ### Specific Go Packages Affected github.com/hashicorp/consul/acl
1.8.7+dfsg1-2
Affected by 0 other vulnerabilities.
VCID-cqzz-az3e-kych
Aliases:
CVE-2020-13170
GHSA-p2j5-3f4c-224r
Improper Input Validation in HashiCorp Consul HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4. ### Specific Go Packages Affected github.com/hashicorp/consul/agent
1.8.7+dfsg1-2
Affected by 0 other vulnerabilities.
VCID-ftvt-9nb3-xue3
Aliases:
CVE-2020-25864
GHSA-8xmx-h8rq-h94j
Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service.
1.8.7+dfsg1-2
Affected by 0 other vulnerabilities.
VCID-gkgb-5g8x-7fgf
Aliases:
CVE-2020-7219
GHSA-23jv-v6qj-3fhh
Denial of Service (DoS) in HashiCorp Consul HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3. ### Specific Go Packages Affected github.com/hashicorp/consul/agent/consul
1.8.7+dfsg1-2
Affected by 0 other vulnerabilities.
VCID-gsqu-g2y4-a7ap
Aliases:
CVE-2020-28053
GHSA-6m72-467w-94rh
Privilege Escalation in HashiCorp Consul HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.
1.8.7+dfsg1-2
Affected by 0 other vulnerabilities.
VCID-jm2d-ejbf-qfhz
Aliases:
CVE-2020-13250
GHSA-rqjq-mrgx-85hp
Allocation of Resources Without Limits or Throttling in Hashicorp Consul HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. ### Specific Go Packages Affected github.com/hashicorp/consul/agent/config ### Fix The vulnerability is fixed in versions 1.6.6 and 1.7.4.
1.8.7+dfsg1-2
Affected by 0 other vulnerabilities.
VCID-mv9z-hxmr-skfp
Aliases:
CVE-2020-25201
GHSA-496g-fr33-whrf
Denial of service in HashiCorp Consul HashiCorp Consul Enterprise versions 1.7.0 up to 1.7.8 and 1.8.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.
1.8.7+dfsg1-2
Affected by 0 other vulnerabilities.
VCID-pet2-hhx7-g7fc
Aliases:
CVE-2018-19653
GHSA-4qvx-qq5w-695p
HashiCorp Consul can use cleartext agent-to-agent RPC communication HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the `verify_outgoing` setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
1.8.7+dfsg1-2
Affected by 0 other vulnerabilities.
VCID-th2f-96u1-syhg
Aliases:
CVE-2020-12797
GHSA-hwqm-x785-qh8p
Incorrect Permission Assignment for Critical Resource in Hashicorp Consul HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4. ### Specific Go Packages Affected github.com/hashicorp/consul/agent/structs
1.8.7+dfsg1-2
Affected by 0 other vulnerabilities.
VCID-xzyq-wm1j-dkcu
Aliases:
CVE-2020-7955
GHSA-r9w6-rhh9-7v53
Incorrect Authorization in HashiCorp Consul HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.
1.8.7+dfsg1-2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T00:52:21.160696+00:00 Debian Oval Importer Affected by VCID-xzyq-wm1j-dkcu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-16T00:28:19.243171+00:00 Debian Oval Importer Affected by VCID-ftvt-9nb3-xue3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T23:57:44.593743+00:00 Debian Oval Importer Affected by VCID-gsqu-g2y4-a7ap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T23:26:49.861756+00:00 Debian Oval Importer Affected by VCID-gkgb-5g8x-7fgf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T22:16:17.839368+00:00 Debian Oval Importer Affected by VCID-jm2d-ejbf-qfhz https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T20:30:28.436461+00:00 Debian Oval Importer Affected by VCID-2dmf-rj8w-xycm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T19:44:10.376844+00:00 Debian Oval Importer Affected by VCID-mv9z-hxmr-skfp https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T16:06:14.927402+00:00 Debian Oval Importer Affected by VCID-cqzz-az3e-kych https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T15:46:55.499232+00:00 Debian Oval Importer Affected by VCID-th2f-96u1-syhg https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T15:30:01.376557+00:00 Debian Oval Importer Affected by VCID-467g-8bds-t3ef https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T15:17:41.966086+00:00 Debian Oval Importer Affected by VCID-pet2-hhx7-g7fc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-12T00:24:46.179479+00:00 Debian Oval Importer Affected by VCID-xzyq-wm1j-dkcu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-12T00:01:41.712801+00:00 Debian Oval Importer Affected by VCID-ftvt-9nb3-xue3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T23:31:56.378850+00:00 Debian Oval Importer Affected by VCID-gsqu-g2y4-a7ap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T23:02:13.003677+00:00 Debian Oval Importer Affected by VCID-gkgb-5g8x-7fgf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T21:53:53.139112+00:00 Debian Oval Importer Affected by VCID-jm2d-ejbf-qfhz https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T20:11:51.020845+00:00 Debian Oval Importer Affected by VCID-2dmf-rj8w-xycm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T19:26:38.053314+00:00 Debian Oval Importer Affected by VCID-mv9z-hxmr-skfp https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T15:53:46.793321+00:00 Debian Oval Importer Affected by VCID-cqzz-az3e-kych https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T15:34:37.893308+00:00 Debian Oval Importer Affected by VCID-th2f-96u1-syhg https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T15:18:03.501001+00:00 Debian Oval Importer Affected by VCID-467g-8bds-t3ef https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T15:06:00.699121+00:00 Debian Oval Importer Affected by VCID-pet2-hhx7-g7fc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T23:55:22.630454+00:00 Debian Oval Importer Affected by VCID-xzyq-wm1j-dkcu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T23:33:07.284280+00:00 Debian Oval Importer Affected by VCID-ftvt-9nb3-xue3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T23:04:44.906721+00:00 Debian Oval Importer Affected by VCID-gsqu-g2y4-a7ap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:36:07.913925+00:00 Debian Oval Importer Affected by VCID-gkgb-5g8x-7fgf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T21:31:16.235603+00:00 Debian Oval Importer Affected by VCID-jm2d-ejbf-qfhz https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:53:04.034954+00:00 Debian Oval Importer Affected by VCID-2dmf-rj8w-xycm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:10:11.356315+00:00 Debian Oval Importer Affected by VCID-mv9z-hxmr-skfp https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T15:47:03.934222+00:00 Debian Oval Importer Affected by VCID-cqzz-az3e-kych https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T15:28:42.776047+00:00 Debian Oval Importer Affected by VCID-th2f-96u1-syhg https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T15:12:47.438247+00:00 Debian Oval Importer Affected by VCID-467g-8bds-t3ef https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T15:01:26.285438+00:00 Debian Oval Importer Affected by VCID-pet2-hhx7-g7fc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0