Title:HashiCorp Consul and Consul Enterprise 跨站脚本漏洞 (CVE-2020-25864) Description:Hashicorp HashiCorp Consul是美国HashiCorp(Hashicorp)公司的一套分布式、高可用数据中心感知解决方案。该产品用于跨动态分布式基础架构连接和配置应用程序。 HashiCorp Consul and Consul Enterprise 1.9.4版本存在安全漏洞,该漏洞源于原始模式容易受到跨站点脚本攻击。
Description
HashiCorp Consul and Consul Enterprise up to version 1.9.4 are vulnerable to cross-site scripting via the key-value (KV) raw mode.
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.