
CVE-2022-40716 github.com/hashicorp/consul

Package

Manager: go
Name: github.com/hashicorp/consul
Vulnerable Version: >=0 <1.11.9 || >=1.12.0 <1.12.5 || >=1.13.0 <1.13.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00177 (percentile 0.3952)

Details

HashiCorp Consul vulnerable to authorization bypass

HashiCorp Consul and Consul Enterprise versions prior to 1.11.9, 1.12.5, and 1.13.2 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. A specially crafted CSR sent directly to Consul’s internal server agent RPC endpoint can include multiple SAN URI values with additional service names. This issue has been fixed in versions 1.11.9, 1.12.5, and 1.13.2. There are no known workarounds.
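The missing check described above is a CSR-validation problem: a signing endpoint that copies every URI SAN from the request into the leaf certificate lets one authorized caller obtain a certificate naming several services. The following Go program is an added example, not Consul's own code or its fix; it shows the check a signing endpoint should make before issuing a certificate: exactly one URI SAN, no other SAN types, and a service name that matches what the caller is authorized for. The `spiffe://<trust-domain>/svc/<service>` URI layout, the `trustDomain` constant, and the function names `validateCSRIdentity`, `serviceFromURI` and `buildCSR` are assumptions made for this example and do not reflect Consul's actual identity format.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// trustDomain is a constructed placeholder; a real CA derives it from its configuration.
const trustDomain = "example.trust.local"

// serviceFromURI extracts the service name from a simplified SPIFFE-style
// identity URI of the form spiffe://<trust-domain>/svc/<service>. This layout
// is an assumption for the example, not Consul's real SPIFFE ID format.
func serviceFromURI(u *url.URL) (string, error) {
	if u.Scheme != "spiffe" || u.Host != trustDomain {
		return "", fmt.Errorf("csr: URI %q is not in trust domain %s", u.String(), trustDomain)
	}
	svc := strings.TrimPrefix(u.Path, "/svc/")
	if svc == "" || svc == u.Path || strings.Contains(svc, "/") {
		return "", fmt.Errorf("csr: URI %q does not name a single service", u.String())
	}
	return svc, nil
}

// validateCSRIdentity is the check a signing endpoint should make before
// issuing a leaf certificate: valid signature, exactly one URI SAN, no other
// SAN types, and a URI naming the service the caller is authorized for.
func validateCSRIdentity(csr *x509.CertificateRequest, allowedService string) error {
	if err := csr.CheckSignature(); err != nil {
		return fmt.Errorf("csr: bad signature: %w", err)
	}
	if len(csr.DNSNames) > 0 || len(csr.EmailAddresses) > 0 || len(csr.IPAddresses) > 0 {
		return errors.New("csr: only a URI SAN is permitted")
	}
	// The core of the check: a CSR carrying several URI SANs would otherwise
	// be issued a certificate naming every listed service at once.
	if len(csr.URIs) != 1 {
		return fmt.Errorf("csr: expected exactly one URI SAN, got %d", len(csr.URIs))
	}
	svc, err := serviceFromURI(csr.URIs[0])
	if err != nil {
		return err
	}
	if svc != allowedService {
		return fmt.Errorf("csr: caller is authorized for %q, not %q", allowedService, svc)
	}
	return nil
}

// buildCSR constructs a signed CSR whose URI SANs name the given services.
// It stands in for the request a client would send to the signing endpoint;
// the key and services are constructed test inputs.
func buildCSR(services []string) (*x509.CertificateRequest, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	var uris []*url.URL
	for _, s := range services {
		uris = append(uris, &url.URL{Scheme: "spiffe", Host: trustDomain, Path: "/svc/" + s})
	}
	tmpl := &x509.CertificateRequest{
		Subject: pkix.Name{CommonName: services[0]},
		URIs:    uris,
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificateRequest(der)
}

func main() {
	// A caller authorized only for "web" submits three different CSRs.
	for _, svcs := range [][]string{{"web"}, {"web", "db"}, {"db"}} {
		csr, err := buildCSR(svcs)
		if err != nil {
			panic(err)
		}
		fmt.Printf("CSR with URI SANs %v, caller authorized for web: %v\n", svcs, validateCSRIdentity(csr, "web"))
	}
}
```

Only the first CSR passes; the two-SAN request is rejected on the count check before the service name is even compared, and the single "db" request is rejected because it names a service the caller is not authorized for. Placing the count check ahead of the per-URI parsing keeps the decision independent of whatever identity format the URIs use.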

Metadata

Created: 2022-09-25T00:00:27Z
Modified: 2023-09-06T18:54:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-m69r-9g56-7mv8/GHSA-m69r-9g56-7mv8.json
CWE IDs: CWE-252
Alternative ID: GHSA-m69r-9g56-7mv8
Finding: F184
Auto approve: 1