HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Consul | Hashicorp | 1.4.0 | 1.5.0 |