CVE-2019-12291
Published
CVSS v3
N/A
CVSS v2
6.4
MEDIUM
Affected
1
PROJECT
Description
HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured.
Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.
GitHub