CVE-2020-25864 - OpenCVE

HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hashicorp	Consul

Configuration 1 [-]

OR	cpe:2.3:a:hashicorp:consul:::::-:::*
	cpe:2.3:a:hashicorp:consul:::::enterprise:::*
	cpe:2.3:a:hashicorp:consul:::::-:::*
	cpe:2.3:a:hashicorp:consul:::::enterprise:::*
	cpe:2.3:a:hashicorp:consul:::::-:::*
	cpe:2.3:a:hashicorp:consul:::::enterprise:::*

No data.

References

Link	Providers
https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368
https://github.com/hashicorp/consul/pull/10023
https://nvd.nist.gov/vuln/detail/CVE-2020-25864
https://security.gentoo.org/glsa/202208-09
https://www.cve.org/CVERecord?id=CVE-2020-25864
https://www.hashicorp.com/blog/category/consul

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-04-20T13:07:21

Updated: 2024-08-04T15:49:05.907Z

Reserved: 2020-09-23T00:00:00

Link: CVE-2020-25864

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-04-20T16:15:10.193

Modified: 2022-10-25T20:43:22.337

Link: CVE-2020-25864

Redhat

Severity : Moderate

Publid Date: 2021-04-14T00:00:00Z

Links: CVE-2020-25864 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-10T05:08:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.hashicorp.com/blog/category/consul"}, {"tags": ["x_refsource_MISC"], "url": "https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368"}, {"name": "GLSA-202208-09", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202208-09"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-25864", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.hashicorp.com/blog/category/consul", "refsource": "MISC", "url": "https://www.hashicorp.com/blog/category/consul"}, {"name": "https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368", "refsource": "MISC", "url": "https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368"}, {"name": "GLSA-202208-09", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-09"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:49:05.907Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.hashicorp.com/blog/category/consul"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368"}, {"name": "GLSA-202208-09", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202208-09"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-25864", "datePublished": "2021-04-20T13:07:21", "dateReserved": "2020-09-23T00:00:00", "dateUpdated": "2024-08-04T15:49:05.907Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*", "matchCriteriaId": "8B0BFFE7-F4AE-410E-8913-85A7C7F396FB", "versionEndExcluding": "1.7.14", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "937E42C5-04E4-4674-9E72-6D75C7C8A573", "versionEndExcluding": "1.7.14", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*", "matchCriteriaId": "26751538-659E-42C3-9ED4-0A4E03D68750", "versionEndExcluding": "1.8.10", "versionStartIncluding": "1.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4715B752-329E-4318-8023-BCC0C731AD66", "versionEndExcluding": "1.8.10", "versionStartIncluding": "1.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*", "matchCriteriaId": "A239544A-DC16-4AA6-B021-451894B675CD", "versionEndExcluding": "1.9.5", "versionStartIncluding": "1.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "51B56481-1DCE-4301-A1AD-FDF7A111431A", "versionEndExcluding": "1.9.5", "versionStartIncluding": "1.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14."}, {"lang": "es", "value": "El modo sin procesar de HashiCorp Consul y Consul Enterprise hasta versi\u00f3n 1.9.4, key-value (KV) era vulnerable a un ataque de tipo cross-site scripting. Corregido en versiones 1.9.5, 1.8.10 y 1.7.14"}], "id": "CVE-2020-25864", "lastModified": "2022-10-25T20:43:22.337", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-20T16:15:10.193", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202208-09"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://www.hashicorp.com/blog/category/consul"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "consul: specially crafted KV entry could be used to perform a XSS attack", "id": "1950275", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950275"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-79", "details": ["HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14.", "In consul a specially crafted KV (key/value store) entry could be used by attacker to perform a XSS (Cross Site Scripting) attack when viewed in the raw mode."], "name": "CVE-2020-25864", "package_state": [{"cpe": "cpe:/a:redhat:service_mesh:2.0", "fix_state": "Not affected", "package_name": "servicemesh", "product_name": "OpenShift Service Mesh 2.0"}, {"cpe": "cpe:/a:redhat:service_mesh:2.0", "fix_state": "Not affected", "package_name": "servicemesh-prometheus", "product_name": "OpenShift Service Mesh 2.0"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/metrics-collector-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/multicluster-observability-rhel8-operator", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "consul-client", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/cnf-tests-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/compliance-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/file-integrity-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-baremetal-machine-controllers", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-etcd-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-cluster-node-tuning-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-operator-registry", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-prometheus", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4-wincw/windows-machine-config-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/hostpath-provisioner-rhel8-operator", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/hyperconverged-cluster-operator", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "container-native-virtualization/hyperconverged-cluster-webhook-rhel8", "product_name": "Red Hat OpenShift Virtualization 4"}], "public_date": "2021-04-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-25864\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25864\nhttps://github.com/hashicorp/consul/pull/10023"], "statement": "OpenShift Container Platform (OCP) and OpenShift Service Mesh (OSSM) components ship only consul api which could be used for connection to consul service mesh solution, therefore are not affected by this flaw.\nSome OpenShift Virtualization components reference consul in go.sum files, however none of the projects or container images depend on or ship consul, therefore are not affected by this flaw.", "threat_severity": "Moderate", "upstream_fix": "consul 1.10.0-beta1, consul 1.9.5, consul 1.8.10, consul 1.7.14"}