HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:HHashicorp Consul
APPHashicorp1.12.41.13.11.8.1 – 1.11.9 (bez)
Powiązane podatności
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffi...
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traf...
HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies a...
Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configure...
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery ...