CVE-2020-7955: Information Exposure

January 31, 2020 (updated July 21, 2021)

HashiCorp Consul and Consul Enterprise does not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure.

References

nvd.nist.gov/vuln/detail/CVE-2020-7955
www.hashicorp.com/blog/category/consul/

Code Behaviors & Features

Detect and mitigate CVE-2020-7955 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →