GHSA-4qvx-qq5w-695p

Suggest an improvement
Source
https://github.com/advisories/GHSA-4qvx-qq5w-695p
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4qvx-qq5w-695p/GHSA-4qvx-qq5w-695p.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-4qvx-qq5w-695p
Aliases
Related
Published
2022-05-14T01:36:20Z
Modified
2024-08-20T20:59:05.376975Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
HashiCorp Consul can use cleartext agent-to-agent RPC communication
Details

HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.

Database specific
{
    "github_reviewed": true,
    "severity": "MODERATE",
    "cwe_ids": [],
    "github_reviewed_at": "2023-06-09T23:24:03Z",
    "nvd_published_at": "2018-12-09T19:29:00Z"
}
References

Affected packages

Go / github.com/hashicorp/consul

Package

Name
github.com/hashicorp/consul
View open source insights on deps.dev
Purl
pkg:golang/github.com/hashicorp/consul

Affected ranges

Type
SEMVER
Events
Introduced
0.5.1
Fixed
1.4.1