CVE-2021-32574 github.com/hashicorp/consul

Package

Manager: go
Name: github.com/hashicorp/consul
Vulnerable Version: >=0 <1.10.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01219 (percentile: 0.78282)

Details

HashiCorp Consul Missing SSL Certificate Validation

HashiCorp Consul before 1.10.1 (and Consul Enterprise) has Missing SSL Certificate Validation. xds does not ensure that the Subject Alternative Name of an upstream is validated.

Metadata

Created: 2021-07-19T21:21:03Z
Modified: 2022-08-11T20:43:48Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/07/GHSA-25gf-8qrr-g78r/GHSA-25gf-8qrr-g78r.json
CWE IDs: ["CWE-295"]
Alternative ID: GHSA-25gf-8qrr-g78r
Finding: F163
Auto approve: 1