Exploit for HashiCorp Consul/Consul Enterprise <=1.9.4 - Cross-Site Scripting (CVE-2020-25864)

Description:

HashiCorp Consul and Consul Enterprise up to version 1.9.4 are vulnerable to cross-site scripting via the key-value (KV) raw mode.

Nuclei Template

View the template here: CVE-2020-25864.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-25864.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2020-25864
https://github.com/ARPSyndicate/cvemon
https://www.hashicorp.com/blog/category/consul
https://security.gentoo.org/glsa/202208-09
https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368