CVE-2021-41803

🗓️ 23 Sep 2022 01:15:08Reported by [email protected]Type

HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC

Reporter	Title	Published	Views	Family All 47
AlpineLinux	CVE-2021-41803	23 Sep 202200:00	–	alpinelinux
BDU FSTEC	The vulnerability of the NameHandler component of the Consul and Consul Enterprise service configuration tools allows a hacker to access potentially confidential information.	15 Apr 202500:00	–	bdu_fstec
Chainguard	CVE-2021-41803 vulnerabilities	23 Sep 202201:15	–	cgr
Circl	CVE-2021-41803	23 Sep 202207:12	–	circl
CNNVD	HashiCorp Consul 安全漏洞	23 Sep 202200:00	–	cnnvd
CVE	CVE-2021-41803	23 Sep 202200:00	–	cve
Cvelist	CVE-2021-41803	23 Sep 202200:00	–	cvelist
Debian CVE	CVE-2021-41803	23 Sep 202200:00	–	debiancve
EUVD	EUVD-2022-6841	3 Oct 202520:07	–	euvd
Fedora	[SECURITY] Fedora 38 Update: moby-engine-24.0.5-1.fc38	30 Aug 202301:37	–	fedora

NVD

Node

hashicorp consulRange1.8.1–1.11.9-

hashicorp consulRange1.8.1–1.11.9enterprise

hashicorp consulMatch1.12.4-

hashicorp consulMatch1.12.4enterprise

hashicorp consulMatch1.13.1-

hashicorp consulMatch1.13.1enterprise

Source	Link
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
discuss	www.discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627
hashicorp	www.hashicorp.com/blog/category/consul

27 May 2025 16:15Current

CVSS 3.17.1

EPSS0.00824

CWE-862