CVE-2022-40716

🗓️ 23 Sep 2022 12:15:10Reported by [email protected]Type

HashiCorp Consul and Consul Enterprise do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions

Reporter	Title	Published	Views	Family All 56
AlpineLinux	CVE-2022-40716	23 Sep 202200:00	–	alpinelinux
BDU FSTEC	The vulnerability of the Consul and Consul Enterprise service configuration tool, related to unvalidated returned values, allows attackers to circumvent established security restrictions.	17 Jul 202500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Consul and Consul Enterprise service configuration tool, related to the disclosure of information, allows a perpetrator to access potentially confidential information.	17 Jul 202500:00	–	bdu_fstec
Chainguard	CVE-2022-40716 vulnerabilities	23 Sep 202212:15	–	cgr
Circl	CVE-2022-40716	23 Sep 202216:28	–	circl
CNNVD	HashiCorp Consul 安全漏洞	23 Sep 202200:00	–	cnnvd
CVE	CVE-2022-40716	23 Sep 202200:00	–	cve
Cvelist	CVE-2022-40716	23 Sep 202200:00	–	cvelist
Debian CVE	CVE-2022-40716	23 Sep 202200:00	–	debiancve
EUVD	EUVD-2022-6870	3 Oct 202520:07	–	euvd

NVD

Node

hashicorp consulRange<1.11.9-

hashicorp consulRange<1.11.9enterprise

hashicorp consulRange1.12.0–1.12.5-

hashicorp consulRange1.12.0–1.12.5enterprise

hashicorp consulRange1.13.0–1.13.2-

hashicorp consulRange1.13.0–1.13.2enterprise

Source	Link
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
discuss	www.discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628
discuss	www.discuss.hashicorp.com/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/