You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.
HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."
mend-for-github-combot
changed the title
CVE-2021-41803 (Medium) detected in github.com/hashicorp/consul-v1.10.3
CVE-2021-41803 (High) detected in github.com/hashicorp/consul-v1.10.3
Oct 12, 2022
CVE-2021-41803 - High Severity Vulnerability
Vulnerable Library - github.com/hashicorp/consul-v1.10.3
Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.
Library home page: https://proxy.golang.org/github.com/hashicorp/consul/@v/v1.10.3.zip
Dependency Hierarchy:
Found in HEAD commit: 5fb0a687f6f4614ef22e971903247af1c371d3c8
Found in base branch: master
Vulnerability Details
HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."
Publish Date: 2022-09-23
URL: CVE-2021-41803
CVSS 3 Score Details (7.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627
Release Date: 2022-09-23
Fix Resolution: hashicorp/consul - 1.11.9,1.12.5,1.13.2
The text was updated successfully, but these errors were encountered: