CVE-2019-8336
unknown
CVSS v3
—
VIR risk
—
Description
HashiCorp Consul Access Restriction Bypass in github.com/hashicorp/consul
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bullseye | fixed | 0 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/hashicorp/consul | >=1.4.0,<1.4.3 | 1.4.3 |
References
- https://security-tracker.debian.org/tracker/CVE-2019-8336
- https://nvd.nist.gov/vuln/detail/CVE-2019-8336
- https://github.com/hashicorp/consul/issues/5423
- https://github.com/hashicorp/consul/commit/90040f8bffb311e6cd8599273e95b607175e311f
- https://github.com/hashicorp/consul
- https://github.com/hashicorp/consul/blob/003370ded024096cd89fb2aa2bc15293c23b9707/agent/consul/leader.go#L405
- https://github.com/advisories/GHSA-fhm8-cxcv-pwvc
💬 Discuss CVE-2019-8336 on VIR Community →
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.