📦

consul

Vendor: hashicorp

Actively Exploited 0 CISA KEV List

PoC / Exploits 1 Code Available

Total RCEs 2 Remote Access

Total CVEs 37 Total Indexed

Avg. EPSS 5.23% Exploit Prob.

Latest CVE CVE-2025-11375 Oct 28

Security Vulnerability Index

Page 4 / 4

7.5 CVSS

CVE-2020-7219

RCE

HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.

EPSS: 0.82%

Severity: HIGH

Jan 31, 2020

7.5 CVSS

CVE-2019-12291

HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured.

EPSS: 0.42%

Severity: HIGH

Jun 06, 2019

7.4 CVSS

CVE-2019-9764

HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actually set to true. This is fixed in 1.4.4.

EPSS: 0.18%

Severity: HIGH

Mar 26, 2019

8.1 CVSS

CVE-2019-8336

HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "<hidden>" as its secret is used in unusual circumstances.

EPSS: 0.36%

Severity: HIGH

Mar 05, 2019

5.9 CVSS

CVE-2018-19653

HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.

EPSS: 0.43%

Severity: MEDIUM

Dec 09, 2018

Displaying 5 of 37 Total Entries

1 2 3 4

Total 4 Sections