Description
Acunetix determined that it was possible to access the HashiCorp Consul API without authentication. In a certain configuration of HashiCorp Consul, an unauthenticated attacker may be able to achieve remote command execution on the server.
Remediation
Restrict access to the HashiCorp Consul API.
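One way to check an agent configuration for the exposure described above, as an added example (not Acunetix or HashiCorp code). It assumes the configuration is available in Consul's JSON form; the page does not name specific settings, so the `acl`, `client_addr` / `addresses.http` and `enable_script_checks` agent options checked here are this example's choice, and both sample configurations are constructed.

```python
import ipaddress

def _is_loopback(addr):
    """True only for literal loopback IPs; hostnames and templates count as exposed."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit_consul_config(cfg):
    """Return a list of findings for a Consul agent config given as a dict."""
    findings = []

    acl = cfg.get("acl", {})
    if not acl.get("enabled", False):                    # Consul default: ACLs off
        findings.append("acl.enabled is false: the API accepts requests without a token")
    elif acl.get("default_policy", "allow") != "deny":   # Consul default: allow
        findings.append("acl.default_policy is not 'deny': tokenless requests are allowed")

    # addresses.http overrides client_addr (default 127.0.0.1) for the HTTP API.
    bind = cfg.get("addresses", {}).get("http") or cfg.get("client_addr", "127.0.0.1")
    if not all(_is_loopback(a) for a in bind.split()):
        findings.append(f"HTTP API bound to {bind!r}: reachable beyond localhost")

    # Script checks registered through the HTTP API run commands on the agent host.
    if cfg.get("enable_script_checks", False):
        findings.append("enable_script_checks is true: prefer enable_local_script_checks")

    return findings

# Constructed sample: API on all interfaces, no ACLs, remote script checks allowed.
WEAK = {"client_addr": "0.0.0.0", "enable_script_checks": True}

# Constructed sample: loopback only, ACLs on with default deny, and script checks
# limited to those defined in local config files.
HARDENED = {
    "client_addr": "127.0.0.1",
    "acl": {"enabled": True, "default_policy": "deny"},
    "enable_local_script_checks": True,
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_consul_config(cfg) or "no findings")
```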