CVE-2021-32574

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-32574

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32574.json

Aliases

BIT-consul-2021-32574
GHSA-25gf-8qrr-g78r

Published

2021-07-17T18:15:07Z

Modified

2023-12-06T01:01:14.218577Z

Details

HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1.

References

https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856
https://security.gentoo.org/glsa/202208-09
https://www.hashicorp.com/blog/category/consul
https://github.com/hashicorp/consul/releases/tag/v1.10.1

Affected packages

Git / github.com/hashicorp/consul

Affected ranges

Type: GIT
Repo: https://github.com/hashicorp/consul
Events: Introduced

dda8efc612276ceba6551e2df1cf40ea39d2fdae

Fixed

03c52385f616d847ba36a09543a3cc8bb90c9798

Introduced

e8757838a49feeb682c7e6ad6b78694a78b2096b

Introduced

a417fe51040a33039d3282e31c6c6b6f4fd1f886