CVE-2021-32574

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-32574
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32574.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-32574
Aliases
Related
Published
2021-07-17T18:15:07Z
Modified
2024-07-15T22:11:54.404460Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1.

References

Affected packages

Git / github.com/hashicorp/consul

Affected ranges

Type
GIT
Repo
https://github.com/hashicorp/consul
Events

Affected versions

api/v1.*

api/v1.8.1

v1.*

v1.9.0
v1.9.1
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6
v1.9.7