HIGH🇬🇧 English

CVE-2021-41803

CVSS 7.1v3.1pub. 2022-09-23upd. 2025-05-27

HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
  • Hashicorp Consul

    APP
    Hashicorp
    1.12.41.13.11.8.1 – 1.11.9 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-10006HIGH8.3ten sam produkt

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffi...

CVE-2024-10005HIGH8.1ten sam produkt

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traf...

CVE-2023-3518HIGH7.4ten sam produkt

HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies a...

CVE-2023-2816HIGH8.7ten sam produkt

Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configure...

CVE-2022-29153HIGH7.5ten sam produkt

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery ...

CVE-2021-41803 — HIGH 7.1 | CVEbaza.pl