Description
Acunetix determined that it was possible to access the Hashicorp Consul API without authentication. In a certain configuration of Hashicorp Consul, an unauthentication attacker may be able to archive remote command execution on the server.
Remediation
Restrict access to the Hashicorp Consul API.
References
Related Vulnerabilities
Save Contact Form 7 Information Disclosure (2.0)
GhostScript RCE (Remote Code Execution)
Page and Post Clone Information Disclosure (1.1)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2100)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2642)