FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 376df2f1-1295-11ec-859e-000c292ee6b8
Description: consul -- rpc: authorize raft requests

HashiCorp reports:

HashiCorp Consul Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation.


Discovery 2021-08-27
Entry 2021-09-11
consul < 1.10.2, < 1.9.9, < 1.8.15

CVE-2021-37219
https://github.com/hashicorp/consul/releases/tag/v1.9.9
VuXML ID: 8d17229f-3054-11eb-a455-ac1f6b16e566
Description: consul -- Fix Consul Connect CA private key configuration

HashiCorp reports:

Increase the permissions to read from the /connect/ca/configuration endpoint to operator:write. Previously Connect CA configuration, including the private key, set via this endpoint could be read back by an operator with operator:read privileges.


Discovery 2020-11-02
Entry 2020-12-06
consul < 1.9.0

https://github.com/hashicorp/consul/blob/master/CHANGELOG.md
CVE-2020-28053
VuXML ID: 093a6baf-9f99-11eb-b150-000c292ee6b8
Description: Consul -- Multiple vulnerabilities

HashiCorp reports:

Add content-type headers to raw KV responses to prevent XSS attacks (CVE-2020-25864). audit-logging: Parse endpoint URL to prevent requests from bypassing the audit log (CVE-2021-28156).


Discovery 2021-04-15
Entry 2021-04-17
consul < 1.9.5

https://github.com/hashicorp/consul/releases/tag/v1.9.5
CVE-2020-25864
CVE-2021-28156