Unrated severityNVD Advisory· Published Dec 12, 2021· Updated Aug 4, 2024

CVE-2021-41805

Description

HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace.

Affected products

HashiCorp/Consul Enterprisedescription
osv-coords
pkg:bitnami/consul
Range: >= 1.7.0, < 1.8.17

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871mitrex_refsource_MISC
security.netapp.com/advisory/ntap-20211229-0007/mitrex_refsource_CONFIRM
www.hashicorp.com/blog/category/consulmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000