HashiCorp Consul 1.9.7 Enterprise Edition

CPE Details

HashiCorp Consul 1.9.7 Enterprise Edition
1.9.7
2021-07-26 10:10 +00:00
2021-07-26 10:20 +00:00

Alerte pour un CPE

Stay informed of any changes for a specific CPE.
Alert management

CPE Name: cpe:2.3:a:hashicorp:consul:1.9.7:*:*:*:enterprise:*:*:*

Informations

Vendor

hashicorp

Product

consul

Version

1.9.7

Software Edition

enterprise

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-10086 2024-10-30 21:21 +00:00 A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.
6.1
MEDIUM
CVE-2024-10006 2024-10-30 21:20 +00:00 A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.
8.3
HIGH
CVE-2024-10005 2024-10-30 21:19 +00:00 A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.
8.1
HIGH
CVE-2021-41803 2022-09-22 22:00 +00:00 HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."
7.1
HIGH
CVE-2022-40716 2022-09-22 22:00 +00:00 HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."
6.5
MEDIUM
CVE-2022-29153 2022-04-18 22:00 +00:00 HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.
7.5
HIGH
CVE-2022-24687 2022-02-24 14:37 +00:00 HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3.
6.5
MEDIUM
CVE-2021-41805 2021-12-12 03:51 +00:00 HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace.
8.8
HIGH
CVE-2021-38698 2021-09-07 09:45 +00:00 HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.
6.5
MEDIUM
CVE-2021-37219 2021-09-07 09:33 +00:00 HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.
8.8
HIGH
CVE-2021-36213 2021-07-17 15:32 +00:00 HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1.
7.5
HIGH
CVE-2021-32574 2021-07-17 15:28 +00:00 HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1.
7.5
HIGH
CVE-2021-3121 2021-01-11 04:57 +00:00 An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
8.6
HIGH
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.