Vulnerability Description
HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hashicorp | Consul | >= 1.2.0, < 1.6.6 |
Related Weaknesses (CWE)
References
- https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.mdRelease NotesThird Party Advisory
- https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.mdRelease NotesThird Party Advisory
- https://github.com/hashicorp/consul/pull/8023PatchThird Party Advisory
- https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.mdRelease NotesThird Party Advisory
- https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.mdRelease NotesThird Party Advisory
- https://github.com/hashicorp/consul/pull/8023PatchThird Party Advisory
FAQ
What is CVE-2020-13250?
CVE-2020-13250 is a vulnerability with a CVSS score of 7.5 (HIGH). HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4.
How severe is CVE-2020-13250?
CVE-2020-13250 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-13250?
Check the references section above for vendor advisories and patch information. Affected products include: Hashicorp Consul.