Missing SSL Certificate Validation in Hashicorp Consul

2021-07-19T21:21:03
ID GHSA-25GF-8QRR-G78R
Type github
Reporter GitHub Advisory Database
Modified 2021-07-29T14:53:58

Description

HashiCorp Consul before 1.10.1 (and Consul Enterprise) has Missing SSL Certificate Validation. xds does not ensure that the Subject Alternative Name of an upstream is validated.