HIGH✓ PATCH🇬🇧 English

CVE-2024-10006

CVSS 8.3v3.1pub. 2024-10-30upd. 2025-01-10

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
  • Hashicorp Consul

    APP
    Hashicorp
    1.20.01.4.1 – 1.20.1 (bez)1.9.0 – 1.15.15 (bez)1.18.0 – 1.18.5 (bez)1.19.0 – 1.19.3 (bez)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2024-10005HIGH8.1ten sam produkt

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traf...

CVE-2023-3518HIGH7.4ten sam produkt

HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies a...

CVE-2023-2816HIGH8.7ten sam produkt

Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configure...

CVE-2021-41803HIGH7.1ten sam produkt

HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names pri...

CVE-2022-29153HIGH7.5ten sam produkt

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery ...