|
HCSEC-2026-02 - Consul Vulnerable to Arbitrary File Reads Through the Vault Kubernetes Authentication Provider
|
|
0
|
266
|
March 11, 2026
|
|
HCSEC-2025-29 - Consul's KV endpoint is vulnerable to denial of service
|
|
0
|
834
|
October 28, 2025
|
|
HCSEC-2025-28 - Consul's event endpoint is vulnerable to denial of service
|
|
0
|
725
|
October 28, 2025
|
|
HCSEC-2024-24 - Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation
|
|
0
|
1465
|
October 30, 2024
|
|
HCSEC-2024-23 - Consul L7 Intentions Vulnerable To Headers Bypass
|
|
0
|
1340
|
October 30, 2024
|
|
HCSEC-2024-22 - Consul L7 Intentions Vulnerable To URL Path Bypass
|
|
0
|
1488
|
October 30, 2024
|
|
HCSEC-2024-16 - Consul UI Development Workflows Vulnerable to Dependency Confusion
|
|
0
|
1008
|
July 25, 2024
|
|
HCSEC-2023-32 - Vault, Consul, and Boundary Affected By HTTP/2 “Rapid Reset” Denial of Service Vulnerability (CVE-2023-44487)
|
|
0
|
13987
|
November 2, 2023
|
|
HCSEC-2023-25 - Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers
|
|
0
|
8011
|
August 8, 2023
|
|
HCSEC-2023-16 - Consul Envoy Extension Downstream Proxy Configuration By Upstream Service Owner
|
|
0
|
6265
|
June 2, 2023
|
|
HCSEC-2023-15 - Consul Cluster Peering can Result in Denial of Service
|
|
0
|
6593
|
June 2, 2023
|
|
HCSEC-2021-16 - Consul’s Application-Aware Intentions Deny Action Fails Open When Combined With Default Deny Policy
|
|
0
|
8385
|
July 15, 2021
|
|
HCSEC-2020-14 - Consul DNS and HTTP Cache Abuse Denial of Service
|
|
0
|
4291
|
November 25, 2020
|
|
HCSEC-2023-02 - Vault, Consul, Boundary, and Waypoint Affected By Denial of Service in Go’s net/http (CVE-2022-41717)
|
|
0
|
5370
|
February 8, 2023
|
|
HCSEC-2022-28 - Consul Cluster Peering Leaks Imported Nodes/Services Information
|
|
0
|
6389
|
November 15, 2022
|
|
HCSEC-2022-20 - Consul Service Mesh Intention Bypass with Malicious Certificate Signing Request
|
|
0
|
7920
|
September 21, 2022
|
|
HCSEC-2022-19 - Consul Auto-Config JWT Authorization Missing Input Validation
|
|
0
|
7290
|
September 21, 2022
|
|
HCSEC-2022-10 - Consul’s HTTP Health Check May Allow Server Side Request Forgery
|
|
0
|
11024
|
April 15, 2022
|
|
HCSEC-2022-07 - Consul’s Connect Service Mesh Affected By Recent Envoy Security Releases
|
|
0
|
4881
|
March 1, 2022
|
|
HCSEC-2022-05 - Consul Ingress Gateway Panic Can Shutdown Servers
|
|
0
|
7407
|
February 15, 2022
|
|
HCSEC-2021-34 - Vault, Consul, Boundary, and Waypoint Affected By Denial of Service in Golang’s net/http (CVE-2021-44716)
|
|
0
|
5154
|
December 22, 2021
|
|
HCSEC-2021-29 - Consul Enterprise Namespace Default ACLs Allow Privilege Escalation
|
|
0
|
8151
|
November 13, 2021
|
|
HCSEC-2021-24 - Consul Missing Authorization Check on Txn.Apply Endpoint
|
|
0
|
7828
|
September 1, 2021
|
|
HCSEC-2021-23 - Consul Exposed to Denial of Service in GoGo Protobuf Dependency
|
|
0
|
9227
|
September 1, 2021
|
|
HCSEC-2021-22 - Consul Raft RPC Privilege Escalation
|
|
0
|
9333
|
September 1, 2021
|
|
HCSEC-2021-17 - Consul’s Envoy TLS Configuration Did Not Validate Destination Service Subject Alternative Names
|
|
0
|
7808
|
July 15, 2021
|
|
HCSEC-2021-12 - Codecov Security Event and HashiCorp GPG Key Exposure
|
|
2
|
67168
|
May 4, 2021
|
|
HCSEC-2020-22 - Consul Operator Read ACL Enables Connect Service Masquerading
|
|
0
|
4219
|
November 25, 2020
|
|
HCSEC-2021-08 - Consul Enterprise Audit Log Bypass for HTTP Events
|
|
0
|
7639
|
April 19, 2021
|
|
HCSEC-2021-07 - Consul API KV Endpoint Vulnerable to Cross-Site Scripting
|
|
0
|
9201
|
April 19, 2021
|