CVE-2020-25201

{"id": "CVE-2020-25201", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-11-04T23:15:11.923", "references": [{"url": "https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/202208-09", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.hashicorp.com/blog/category/consul", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5."}, {"lang": "es", "value": "HashiCorp Consul Enterprise versiones 1.7.0 hasta 1.8.4, incluye un error de replicaci\u00f3n de espacio de nombres que puede ser activado para causar una denegaci\u00f3n de servicio por medio de escrituras Raft infinitas. Corregido en versiones 1.7.9 y 1.8.5"}], "lastModified": "2022-10-25T20:43:10.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "F21A4BD8-484B-4573-8DA7-2DA21C6A5323", "versionEndIncluding": "1.8.4", "versionStartIncluding": "1.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}