logo

Database

Missing subresource integrity check In github.com/hashicorp/consul

Description

HashiCorp Consul vulnerable to Origin Validation Error HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actually set to true. This is fixed in 1.4.4.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2019-97642. NVD-2019-97643. OSV-2019-97644. GCVE-2019-9764

References

1. https://github.com/hashicorp/consul/issues/55192. https://github.com/hashicorp/consul/commit/7e11dd82aa8dae505b7307adcb68c9d3194b3b40

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.