Description
Acunetix determined that it was possible to access the Hashicorp Consul API without authentication. In a certain configuration of Hashicorp Consul, an unauthentication attacker may be able to archive remote command execution on the server.
Remediation
Restrict access to the Hashicorp Consul API.
References
Related Vulnerabilities
Rails remote code execution using render :inline
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-29450)
Symfony ESI (Edge-Side Includes) enabled
Webmin v1.920 Unauhenticated Remote Command Execution
PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1052)