Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.GENTOO_GLSA-202208-09.NASL
HistoryAug 10, 2022 - 12:00 a.m.

GLSA-202208-09 : HashiCorp Consul: Multiple Vulnerabilities

2022-08-1000:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21
JSON

The remote host is affected by the vulnerability described in GLSA-202208-09 (HashiCorp Consul: Multiple Vulnerabilities)

  • HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5. (CVE-2020-25201)

  • HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14. (CVE-2020-25864)

  • HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.
    (CVE-2020-28053)

  • HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10. (CVE-2021-28156)

  • HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1. (CVE-2021-32574)

  • HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1. (CVE-2021-36213)

  • HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2. (CVE-2021-38698)

  • HashiCorp Consul and Consul Enterprise 1.8.0 through 1.9.14, 1.10.7, and 1.11.2 has Uncontrolled Resource Consumption. (CVE-2022-24687)

  • HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF. (CVE-2022-29153)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable, Inc.
#
# @NOAGENT@
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 202208-09.
#
# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('compat.inc');

if (description)
{
  script_id(163985);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/08/10");

  script_cve_id(
    "CVE-2020-25201",
    "CVE-2020-25864",
    "CVE-2020-28053",
    "CVE-2021-28156",
    "CVE-2021-32574",
    "CVE-2021-36213",
    "CVE-2021-38698",
    "CVE-2022-24687",
    "CVE-2022-29153"
  );

  script_name(english:"GLSA-202208-09 : HashiCorp Consul: Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"");
  script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-202208-09 (HashiCorp Consul: Multiple
Vulnerabilities)

  - HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be
    triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5. (CVE-2020-25201)

  - HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to
    cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14. (CVE-2020-25864)

  - HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL
    permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.
    (CVE-2020-28053)

  - HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted
    HTTP events. Fixed in 1.9.5, and 1.8.10. (CVE-2021-28156)

  - HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not
    validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and
    1.10.1. (CVE-2021-32574)

  - HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7
    application-aware intention deny action cancels out, causing the intention to incorrectly fail open,
    allowing L4 traffic. Fixed in 1.9.8 and 1.10.1. (CVE-2021-36213)

  - HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for
    other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2. (CVE-2021-38698)

  - HashiCorp Consul and Consul Enterprise 1.8.0 through 1.9.14, 1.10.7, and 1.11.2 has Uncontrolled Resource
    Consumption. (CVE-2022-24687)

  - HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF. (CVE-2022-29153)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/202208-09");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=760696");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=783483");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=802522");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=812497");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=834006");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=838328");
  script_set_attribute(attribute:"solution", value:
"All HashiCorp Consul users should upgrade to the latest version:

          # emerge --sync
          # emerge --ask --oneshot --verbose >=app-admin/consul-1.9.17");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-29153");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/11/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/08/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/08/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:consul");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Gentoo Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var flag = 0;

var packages = [
  {
    'name' : "app-admin/consul",
    'unaffected' : make_list("ge 1.9.17"),
    'vulnerable' : make_list("lt 1.9.17")
  }
];

foreach package( packages ) {
  if (isnull(package['unaffected'])) package['unaffected'] = make_list();
  if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();
  if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;
}


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : qpkg_report_get()
  );
  exit(0);
}
else
{
  var tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "HashiCorp Consul");
}
VendorProductVersionCPE
gentoolinuxconsulp-cpe:/a:gentoo:linux:consul
gentoolinuxcpe:/o:gentoo:linux

Related

gentoo 1
archlinux 1
freebsd 2
nessus 10
photon 23
ibm 2
prion 9
github 8
veracode 8
debiancve 9
osv 26
ubuntucve 9
cgr 5
cve 9
alpinelinux 7
redhatcve 3
wolfi 5
nuclei 2
openvas 8
fedora 7
mageia 1
gentoo
gentoo
HashiCorp Consul: Multiple Vulnerabilities
2022-08-10 00:00:00
archlinux
archlinux
[ASA-202107-69] consul: multiple issues
2021-07-27 00:00:00
freebsd
freebsd
Consul -- Multiple vulnerabilities
2021-04-15 00:00:00
consul -- Fix Consul Connect CA private key configuration
2020-11-02 00:00:00
nessus
nessus
FreeBSD : Consul -- Multiple vulnerabilities (093a6baf-9f99-11eb-b150-000c292ee6b8)
2021-04-19 00:00:00
Photon OS 4.0: Consul PHSA-2021-4.0-0075
2021-08-10 00:00:00
FreeBSD : consul -- Fix Consul Connect CA private key configuration (8d17229f-3054-11eb-a455-ac1f6b16e566)
2020-12-07 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2021-0016
2021-04-12 00:00:00
Important Photon OS Security Update - PHSA-2021-0075
2021-08-03 00:00:00
Important Photon OS Security Update - PHSA-2021-4.0-0075
2021-08-03 00:00:00
ibm
ibm
Security Bulletin: Open Source Dependency Vulnerability
2023-05-15 18:49:23
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
2023-07-03 18:48:48
prion
prion
Design/Logic Flaw
2021-07-17 18:15:00
Design/Logic Flaw
2021-07-17 18:15:00
Design/Logic Flaw
2022-02-24 16:15:00
github
github
Privilege Escalation in HashiCorp Consul
2024-01-31 23:11:32
Denial of service in HashiCorp Consul
2024-01-31 23:11:24
HashiCorp Consul L7 deny intention results in an allow action
2021-07-19 21:21:12
veracode
veracode
Denial Of Service (DoS)
2020-11-06 05:55:55
Privilege Escalation
2020-12-07 03:46:32
Denial Of Service (DoS)
2022-02-25 09:54:18
debiancve
debiancve
CVE-2020-25201
2020-11-04 23:15:00
CVE-2020-28053
2020-11-23 14:15:00
CVE-2021-32574
2021-07-17 18:15:00
osv
osv
BIT-consul-2020-25201
2024-03-06 10:54:33
BIT-consul-2020-28053
2024-03-06 10:54:15
CVE-2020-25201
2020-11-04 23:15:11
ubuntucve
ubuntucve
CVE-2020-25201
2020-11-04 00:00:00
CVE-2020-28053
2020-11-23 00:00:00
CVE-2022-24687
2022-02-24 00:00:00
cgr
cgr
CVE-2020-25864 vulnerabilities
2024-04-24 09:06:08
CVE-2021-36213 vulnerabilities
2024-04-24 09:06:08
CVE-2021-38698 vulnerabilities
2024-04-24 09:06:08
cve
cve
CVE-2021-32574
2021-07-17 18:15:00
CVE-2021-38698
2021-09-07 12:15:00
CVE-2021-28156
2021-04-20 16:15:00
alpinelinux
alpinelinux
CVE-2022-24687
2022-02-24 16:15:00
CVE-2021-32574
2021-07-17 18:15:00
CVE-2021-36213
2021-07-17 18:15:00
redhatcve
redhatcve
CVE-2021-28156
2021-04-16 18:31:21
CVE-2020-25864
2021-04-16 10:08:35
CVE-2022-29153
2022-10-13 16:29:07
wolfi
wolfi
CVE-2021-38698 vulnerabilities
2024-04-24 09:07:13
CVE-2021-32574 vulnerabilities
2024-04-24 09:07:13
CVE-2021-36213 vulnerabilities
2024-04-24 09:07:13
nuclei
nuclei
HashiCorp Consul/Consul Enterprise <=1.9.4 - Cross-Site Scripting
2022-02-17 18:25:37
HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery
2023-01-08 15:26:05
openvas
openvas
Fedora: Security Advisory for moby-engine (FEDORA-2023-fde38dda12)
2023-01-11 00:00:00
Fedora: Security Advisory for moby-engine (FEDORA-2022-db674bafd9)
2022-12-30 00:00:00
Fedora: Security Advisory for containerd (FEDORA-2022-7e327a20be)
2022-12-26 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: moby-engine-20.10.22-1.fc37
2023-01-11 01:22:35
[SECURITY] Fedora 36 Update: moby-engine-20.10.21-1.fc36
2022-12-29 01:16:02
[SECURITY] Fedora 37 Update: golang-github-containerd-cgroups-1.0.4-3.fc37
2022-12-26 01:06:10
mageia
mageia
Updated docker packages fix security vulnerability
2023-01-24 10:58:24
JSON
Related for GENTOO_GLSA-202208-09.NASL
gentoo1archlinux1freebsd2nessus10photon23ibm2prion9github8veracode8debiancve9osv26ubuntucve9cgr5cve9alpinelinux7redhatcve3wolfi5nuclei2openvas8fedora7mageia1