HIGH🇵🇱 Wersja polska

CVE-2021-41803

CVSS 7.1v3.1pub. 2022-09-23upd. 2025-05-27

HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
  • Hashicorp Consul

    APP
    Hashicorp
    1.12.41.13.11.8.1 – 1.11.9 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-10006HIGH8.3ten sam produkt

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffi...

CVE-2024-10005HIGH8.1ten sam produkt

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traf...

CVE-2023-3518HIGH7.4ten sam produkt

HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies a...

CVE-2023-2816HIGH8.7ten sam produkt

Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configure...

CVE-2022-29153HIGH7.5ten sam produkt

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery ...