Privilege Escalation Affecting github.com/hashicorp/consul/agent package, versions >=1.6.0-beta1 <1.6.6 >=1.7.0 <1.7.4


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    EPSS
    0.1% (43rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-GOLANG-GITHUBCOMHASHICORPCONSULAGENT-572115
  • published 12 Jun 2020
  • disclosed 12 Jun 2020
  • credit Unknown

How to fix?

Upgrade github.com/hashicorp/consul/agent to version 1.6.6, 1.7.4 or higher.

Overview

github.com/hashicorp/consul/agent is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.

Affected versions of this package are vulnerable to Privilege Escalation. Consul has two types of tokens, Global and Local. Local tokens are meant to only be resolvable and used within a single datacenter. Creation of local tokens is only allowed if either token replication is enabled in a secondary datacenter, or if the datacenter the token is scoped to is the primary. In a typical cluster we expect that either token replication is on in all datacenters or local tokens are not used at all.

When token replication is not enabled in a secondary datacenter, attempts to use a local token created in the primary are successful for operations targeting that secondary datacenter. Thus what was meant to be scoped to a single datacenter is valid in other datacenters.

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
5.3 medium
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    Low
  • Integrity (I)
    None
  • Availability (A)
    None
Expand this section

NVD

7.5 high