Vulnerability Report

CVE-2021-41805

Title: Hashicorp Consul Auth Bypass

Auth Bypass

Proof Of Concept

PoC Available for CVE-2021-41805

CWE Category CWE-863
Published Date Dec 12, 2021
Modified Date Nov 21, 2024
Exploit Status Available
Score 8.8 CVSS v3.1
Exploit Probability (EPSS)
4.45%

Vulnerability Summary

CVE-2021-41805: HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace.

Impacted Vendors

H
hashicorp 1
M
makandra 1

Reference Links

https://discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871 https://security.netapp.com/advisory/ntap-20211229-0007/ https://www.hashicorp.com/blog/category/consul https://discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871 https://security.netapp.com/advisory/ntap-20211229-0007/ https://www.hashicorp.com/blog/category/consul
CVSS v3.1
Source Entity [email protected]
Severity HIGH
8.8
Attack Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0
Source Entity [email protected]
Severity MEDIUM
6.5
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:L/Au:S/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2021-41805 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/blackm4c/CVE-2021-41805
View Code
GitHub https://github.com/acfirthh/CVE-2021-41805
View Code
MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector NETWORK
Complexity LOW
Privileges N/A
Interaction NONE
CVSS Vector String CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Stack

No specific products linked.