GHSA-m69r-9g56-7mv8

Source
https://github.com/advisories/GHSA-m69r-9g56-7mv8
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-m69r-9g56-7mv8/GHSA-m69r-9g56-7mv8.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m69r-9g56-7mv8
Published
2022-09-25T00:00:27Z
Modified
2024-08-21T16:28:46.743737Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
HashiCorp Consul vulnerable to authorization bypass
Details

HashiCorp Consul and Consul Enterprise versions prior to 1.11.9, 1.12.5, and 1.13.2 do not check for multiple SAN URI values in a CSR submitted to the internal server agent RPC endpoint. A caller who already holds privileged access to that endpoint can send a specially crafted CSR directly to it containing several SAN URI values that name additional services, and use the resulting certificate to bypass service mesh intentions. This issue has been fixed in versions 1.11.9, 1.12.5, and 1.13.2. There are no known workarounds.
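The following Go program is an added illustration of the flaw class described above; it is not Consul's code and does not reproduce its RPC endpoint. The trust domain `example.consul`, the SPIFFE path layout, the service names and the function names (`buildCSR`, `vulnerableIdentity`, `hardenedIdentity`) are all constructed for this example. It builds a CSR carrying two URI SANs, shows a pre-fix style check that only looks at the first URI and therefore accepts the request, and a hardened check that rejects any CSR not carrying exactly one URI SAN matching the identity the caller is authorized for.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"net/url"
)

// trustDomain and the SPIFFE path layout below are constructed for this
// example; they only resemble the identities a service mesh CA puts in a leaf
// certificate's URI SAN and are not taken from Consul's code.
const trustDomain = "example.consul"

// spiffeID builds a hypothetical service identity URI for one service name.
func spiffeID(service string) *url.URL {
	return &url.URL{
		Scheme: "spiffe",
		Host:   trustDomain,
		Path:   "/ns/default/dc/dc1/svc/" + service,
	}
}

// buildCSR creates a DER-encoded CSR carrying one URI SAN per service name.
// A legitimate client asks for exactly one service; the crafted request the
// advisory describes asks for several.
func buildCSR(services ...string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: "mesh-leaf"}}
	for _, s := range services {
		tmpl.URIs = append(tmpl.URIs, spiffeID(s))
	}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// parseCSR decodes the request and verifies its self-signature, the part both
// checks below share.
func parseCSR(der []byte) (*x509.CertificateRequest, error) {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, err
	}
	return csr, nil
}

// vulnerableIdentity models the pre-fix behaviour: it authorizes the first URI
// SAN and never inspects the rest, so a certificate signed from this CSR would
// carry every identity the caller listed, not just the one it was checked for.
func vulnerableIdentity(der []byte, authorizedService string) (string, error) {
	csr, err := parseCSR(der)
	if err != nil {
		return "", err
	}
	if len(csr.URIs) == 0 {
		return "", errors.New("CSR carries no URI SAN")
	}
	got, want := csr.URIs[0].String(), spiffeID(authorizedService).String()
	if got != want {
		return "", fmt.Errorf("first URI SAN %q is not the authorized identity %q", got, want)
	}
	return got, nil
}

// hardenedIdentity is the shape of check the fixed versions need: refuse any
// CSR that does not carry exactly one URI SAN, then require that one URI to be
// the identity the caller's credentials are authorized for.
func hardenedIdentity(der []byte, authorizedService string) (string, error) {
	csr, err := parseCSR(der)
	if err != nil {
		return "", err
	}
	if n := len(csr.URIs); n != 1 {
		return "", fmt.Errorf("CSR must carry exactly one URI SAN, got %d", n)
	}
	got, want := csr.URIs[0].String(), spiffeID(authorizedService).String()
	if got != want {
		return "", fmt.Errorf("URI SAN %q is not the authorized identity %q", got, want)
	}
	return got, nil
}

func main() {
	// The caller is authorized for "web" but also asks for "payments".
	der, err := buildCSR("web", "payments")
	if err != nil {
		panic(err)
	}
	id, err := vulnerableIdentity(der, "web")
	fmt.Println("pre-fix check:  ", id, err)
	id, err = hardenedIdentity(der, "web")
	fmt.Println("hardened check: ", id, err)
}
```

The count check is the essential part: comparing only the first URI SAN still passes a CSR that smuggles a second service identity, which is exactly the bypass the advisory describes. Rejecting the request outright, rather than trimming the extra URIs, also surfaces the abuse in the CA's error path where it can be logged.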

Database specific
{
    "nvd_published_at": "2022-09-23T12:15:00Z",
    "cwe_ids": [
        "CWE-252"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-29T14:39:58Z"
}
Affected packages

Go / github.com/hashicorp/consul
Purl: pkg:golang/github.com/hashicorp/consul

Affected ranges (type SEMVER):
  • Introduced 0 (all versions before the fix), fixed in 1.11.9
  • Introduced 1.12.0, fixed in 1.12.5
  • Introduced 1.13.0, fixed in 1.13.2