CVE-2021-41805

8.8HIGH

Key Information

Vendor: Hashicorp
Status: Consul
Vendor: CVE Published:; 12 December 2021

Badges

👾 Exploit Exists

Summary

HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Aug 5, 2024
Vulnerability published.
Dec 12, 2021
Vulnerability Reserved.
Sep 29, 2021

Collectors

NVD DatabaseMitre Database0 Proof of Concept(s)