BIT-consul-2022-29153

Import Source

https://github.com/bitnami/vulndb/tree/main/data/consul/BIT-consul-2022-29153.json

Aliases

CVE-2022-29153
GHSA-q6h7-4qgw-2j9p

Published

2024-03-06T10:52:10.905Z

Modified

2024-03-06T11:25:28.861Z

Details

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.

References

https://discuss.hashicorp.com
https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/
https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH/
https://security.gentoo.org/glsa/202208-09
https://security.netapp.com/advisory/ntap-20220602-0005/

Affected packages

Bitnami / consul

Package

Name: consul

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.9.17

Introduced

1.10.0

Fixed

1.10.10

Introduced

1.11.0

Fixed

1.11.5