Fluid Attacks Database

Description

Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that HTTP health check endpoints returning an HTTP redirect may be abused as a vector for server-side request forgery (SSRF). This vulnerability, CVE-2022-29153, was fixed in Consul 1.9.17, 1.10.10, and 1.11.5.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	consul	=1.10.12+dfsg1-1 \|\| =1.8.7+dfsg1-2 \|\| =1.8.7+dfsg1-3 \|\| =1.8.7+dfsg1-4 \|\| =1.8.7+dfsg1-5 \|\| =1.8.7+dfsg1-6 \|\| =1.9.17+dfsg2-1	-
go	github.com/hashicorp/consul	>=0 <1.9.17 \|\| >=1.10.0 <1.10.10 \|\| >=1.11.0 <1.11.5	1.9.17, 1.10.10, 1.11.5

Aliases

1. CVE-2022-291532. NVD-2022-291533. OSV-DEBIAN-2022-291534. OSV-2022-291535. GCVE-2022-291536. SECURITY-TRACKER-CVE-2022-291537. security.gentoo.org

References

1. https://vulncheck.com/cve/CVE-2022-291532. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-29153.yaml3. https://discuss.hashicorp.com4. https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery5. https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/383936. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH7. https://lists.fedoraproject.org/archives/list/[email protected]/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH8. https://security.netapp.com/advisory/ntap-20220602-0005