Description
Invicti determined that it was possible to access the Hashicorp Consul API without authentication. In a certain configuration of Hashicorp Consul, an unauthentication attacker may be able to archive remote command execution on the server.
Remediation
Restrict access to the Hashicorp Consul API.
References
Related Vulnerabilities
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-5000)
WordPress Plugin NextGEN Gallery-WordPress Gallery Information Disclosure (1.9.11)
WordPress Multiple Vulnerabilities (0.70 - 3.6.1)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3731)