BIT-consul-2021-41803
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/consul/BIT-consul-2021-41803.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-consul-2021-41803
- Aliases
- Published
- 2024-03-06T10:52:42.202Z
- Modified
- 2024-04-05T17:26:27.423738Z
- Summary
- [none]
- Details
-
HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."
- Database specific
{ "cpes": [ "cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*", "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*", "cpe:2.3:a:hashicorp:consul:1.12.4:*:*:*:-:*:*:*", "cpe:2.3:a:hashicorp:consul:1.12.4:*:*:*:enterprise:*:*:*", "cpe:2.3:a:hashicorp:consul:1.13.1:*:*:*:-:*:*:*", "cpe:2.3:a:hashicorp:consul:1.13.1:*:*:*:enterprise:*:*:*" ], "severity": "High" }- References
-
- https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
- https://www.hashicorp.com/blog/category/consul
Affected packages
Bitnami / consul
Package
- Name
- consul
- Purl
- pkg:bitnami/consul
Severity
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVSS Calculator