Hashicorp Consul Web UI and API access

High Nessus Plugin ID 111351


Hashicorp Consul Web UI and API are accessible remotely if not configured properly.


A remote, unauthenticated attacker may be able to access the Consul Web UI and API to gather data, register services and gain remote access.


Only allow localhost connections, and set up a firewall and ACLs.
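A configuration audit for the localhost and ACL parts of this solution, added here as an example and not part of the plugin or of Consul itself. It assumes a JSON agent configuration using Consul's `client_addr`, `addresses.http` and `acl` block settings; the two sample configurations are constructed, and firewall rules are outside its scope.

```python
import ipaddress
import json


def _all_loopback(value):
    """True only if every space-separated entry is a loopback IP address."""
    addrs = value.split()
    try:
        return bool(addrs) and all(
            ipaddress.ip_address(a).is_loopback for a in addrs
        )
    except ValueError:
        # Templates, unix sockets and hostnames cannot be proven loopback
        # here, so they are reported for manual review.
        return False


def audit_consul_config(text):
    """Return a list of findings for a Consul agent config given as JSON text."""
    cfg = json.loads(text)
    findings = []

    # addresses.http overrides client_addr for the HTTP API and Web UI;
    # Consul's default client_addr is 127.0.0.1.
    client = cfg.get("client_addr", "127.0.0.1")
    http = cfg.get("addresses", {}).get("http", client)
    if not _all_loopback(http):
        findings.append(f"HTTP API/UI bound to non-loopback address: {http}")

    # With ACLs off, or on with the default "allow" policy, requests that
    # carry no token are still served.
    acl = cfg.get("acl", {})
    if not acl.get("enabled", False):
        findings.append("ACLs are not enabled")
    elif acl.get("default_policy", "allow") != "deny":
        findings.append("ACL default_policy is not 'deny'")
    return findings


# Constructed sample configurations (not taken from any real deployment).
EXPOSED = '{"client_addr": "0.0.0.0", "ui": true}'
HARDENED = ('{"client_addr": "127.0.0.1", "ui": true, '
            '"acl": {"enabled": true, "default_policy": "deny"}}')

if __name__ == "__main__":
    for name, sample in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit_consul_config(sample) or "no findings")
```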


Plugin Details

Severity: High

ID: 111351

File Name: hashicorp_consul_web_api.nasl

Version: 1.4

Type: remote

Family: CGI abuses

Published: 2018/07/26

Updated: 2018/09/17

Dependencies: 10107

Risk Information

Risk Factor: High

CVSS Score Source: manual

CVSS Score Rationale: NVD has no score for this CVE. Tenable Research analyzed the issue and assigned one.

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H