x/vulndb: potential Go vuln in github.com/hashicorp/consul: GHSA-fhm8-cxcv-pwvc

In GitHub Security Advisory [GHSA-fhm8-cxcv-pwvc](https://github.com/advisories/GHSA-fhm8-cxcv-pwvc), there is a vulnerability in the following Go packages or modules:

| Unit | Fixed | Vulnerable Ranges |
| - | - | - |
| [github.com/hashicorp/consul](https://pkg.go.dev/github.com/hashicorp/consul) | 1.4.3 | >= 1.4, < 1.4.3 |

Cross references:
- Module github.com/hashicorp/consul appears in issue #559  NOT_IMPORTABLE
- Module github.com/hashicorp/consul appears in issue #593  NOT_IMPORTABLE
- Module github.com/hashicorp/consul appears in issue #615  NOT_IMPORTABLE
- Module github.com/hashicorp/consul appears in issue #847  NOT_IMPORTABLE
- Module github.com/hashicorp/consul appears in issue #859  NOT_IMPORTABLE
- Module github.com/hashicorp/consul appears in issue #861  NOT_IMPORTABLE
- Module github.com/hashicorp/consul appears in issue #874  NOT_IMPORTABLE
- Module github.com/hashicorp/consul appears in issue #879  NOT_IMPORTABLE
- Module github.com/hashicorp/consul appears in issue #894  NOT_IMPORTABLE
- Module github.com/hashicorp/consul appears in issue #895  NOT_IMPORTABLE
- Module github.com/hashicorp/consul appears in issue #953  NOT_IMPORTABLE
- Module github.com/hashicorp/consul appears in issue #1029  EFFECTIVELY_PRIVATE
- Module github.com/hashicorp/consul appears in issue #1121  NOT_IMPORTABLE
- Module github.com/hashicorp/consul appears in issue #1639  NOT_IMPORTABLE
- Module github.com/hashicorp/consul appears in issue #1827  EFFECTIVELY_PRIVATE
- Module github.com/hashicorp/consul appears in issue #1828  EFFECTIVELY_PRIVATE
- Module github.com/hashicorp/consul appears in issue #1850  EFFECTIVELY_PRIVATE
- Module github.com/hashicorp/consul appears in issue #1851  EFFECTIVELY_PRIVATE
- Module github.com/hashicorp/consul appears in issue #1853  EFFECTIVELY_PRIVATE


See [doc/triage.md](https://github.com/golang/vulndb/blob/master/doc/triage.md) for instructions on how to triage this report.

```
modules:
    - module: github.com/hashicorp/consul
      versions:
        - introduced: 1.4.0
          fixed: 1.4.3
      vulnerable_at: 1.4.2
      packages:
        - package: github.com/hashicorp/consul
summary: HashiCorp Consul Access Restriction Bypass
description: |-
    HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to
    bypass intended access restrictions and obtain the privileges of one other
    arbitrary token within secondary datacenters, because a token with literally
    "<hidden>" as its secret is used in unusual circumstances.
cves:
    - CVE-2019-8336
ghsas:
    - GHSA-fhm8-cxcv-pwvc
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2019-8336
    - report: https://github.com/hashicorp/consul/issues/5423
    - fix: https://github.com/hashicorp/consul/commit/90040f8bffb311e6cd8599273e95b607175e311f
    - web: https://github.com/hashicorp/consul/blob/003370ded024096cd89fb2aa2bc15293c23b9707/agent/consul/leader.go#L405
    - advisory: https://github.com/advisories/GHSA-fhm8-cxcv-pwvc

```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

x/vulndb: potential Go vuln in github.com/hashicorp/consul: GHSA-fhm8-cxcv-pwvc #1945

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

x/vulndb: potential Go vuln in github.com/hashicorp/consul: GHSA-fhm8-cxcv-pwvc #1945

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions