Published 11 months ago
Category: Authentication
Source: GitHub
Severity: Critical

Vulnerability in consul

With the consul ruby gem before 1.0.3, if a controller checks multiple powers using :if or :except conditions, these conditions are erroneously applied to all power checks in that controller. This can lead to skipped power checks and hence unauthenticated access to certain controller actions.

CVSS Metrics
Access Vector Access Complexity Authentication Confidentiality Impact Integrity Impact Availability Impact
n/a n/a n/a n/a n/a n/a
Patched Versions

>= 1.0.3

Unaffected Versions