BIT-consul-2021-32574

Import Source

https://github.com/bitnami/vulndb/tree/main/data/consul/BIT-consul-2021-32574.json

Aliases

CVE-2021-32574
GHSA-25gf-8qrr-g78r

Published

2024-03-06T10:53:21.700Z

Modified

2024-03-06T11:25:28.861Z

Details

HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1.

References

https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856
https://github.com/hashicorp/consul/releases/tag/v1.10.1
https://security.gentoo.org/glsa/202208-09
https://www.hashicorp.com/blog/category/consul

Affected packages

Bitnami / consul

Package

Name: consul

Affected ranges

Type: SEMVER
Events: Introduced

1.3.0

Fixed

1.8.14

Introduced

1.9.0

Fixed

1.9.8

Introduced

1.10.0

Fixed

1.10.1