Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:NHashicorp Consul
APPHashicorp1.15.0 – 1.15.3 (bez)
Powiązane podatności
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traf...
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffi...
HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies a...
HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names pri...
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery ...