| Bug | buster | bullseye | Description |
|---|
| CVE-2023-5332 | vulnerable (no DSA) | vulnerable (no DSA) | Patch in third party library Consul requires 'enable-script-checks' to ... |
| CVE-2022-40716 | fixed | vulnerable (no DSA) | HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13. ... |
| CVE-2022-29153 | vulnerable (no DSA, ignored) | vulnerable (no DSA) | HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11. ... |
| CVE-2022-24687 | fixed | vulnerable | HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, a ... |
| CVE-2021-41803 | fixed | vulnerable (no DSA) | HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properl ... |
| CVE-2021-38698 | fixed | vulnerable (no DSA) | HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allow ... |
| CVE-2021-37219 | vulnerable (no DSA, ignored) | vulnerable | HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows no ... |
| CVE-2021-32574 | fixed | vulnerable (no DSA) | HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy prox ... |
| CVE-2020-25864 | vulnerable (no DSA, ignored) | fixed | HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value ( ... |
| CVE-2020-7219 | vulnerable (no DSA, ignored) | fixed | HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services a ... |
| CVE-2018-19653 | vulnerable (no DSA, ignored) | fixed | HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent ... |
| Bug | Description |
|---|
| CVE-2023-3518 | HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for ... |
| CVE-2023-2816 | Consul and Consul Enterprise allowed any user with service:write permi ... |
| CVE-2023-1297 | Consul and Consul Enterprise's cluster peering implementation containe ... |
| CVE-2023-0845 | Consul and Consul Enterprise allowed an authenticated user with servic ... |
| CVE-2022-3920 | HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filt ... |
| CVE-2021-41805 | HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1. ... |
| CVE-2021-36213 | HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default de ... |
| CVE-2021-28156 | HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be ... |
| CVE-2020-28053 | HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed opera ... |
| CVE-2020-25201 | HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a names ... |
| CVE-2020-13250 | HashiCorp Consul and Consul Enterprise include an HTTP API (introduced ... |
| CVE-2020-13170 | HashiCorp Consul and Consul Enterprise did not appropriately enforce s ... |
| CVE-2020-12797 | HashiCorp Consul and Consul Enterprise failed to enforce changes to le ... |
| CVE-2020-12758 | HashiCorp Consul and Consul Enterprise could crash when configured wit ... |
| CVE-2020-7955 | HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uni ... |
| CVE-2019-12291 | HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Key ... |
| CVE-2019-9764 | HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to ... |
| CVE-2019-8336 | HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a c ... |