CVE-2021-38698 – github.com/hashicorp/consul

Package

Manager: go
Name: github.com/hashicorp/consul
Vulnerable Version: =1.10.1 || >=1.10.1 <1.10.2 || >=1.9.0 <1.9.9 || >=0 <1.8.15

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0055 pctl0.66988

Details

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.

Metadata

Created: 2021-09-08T20:14:56Z
Modified: 2021-09-16T18:57:24Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-6hw5-6gcx-phmw/GHSA-6hw5-6gcx-phmw.json
CWE IDs: ["CWE-862", "CWE-863"]
Alternative ID: GHSA-6hw5-6gcx-phmw
Finding: F039
Auto approve: 1