3 matches found
EUVD-2021-1451
Malware in sbrugna...
CVE-2021-36213
HashiCorp Consul and Consul Enterprise versions 1.9.0–1.10.0 are affected by CVE-2021-36213, where a single L7 application-aware deny action under a default-deny policy can cancel the intention and incorrectly allow L4 traffic. The issue is fixed in Consul/Consul Enterprise 1.9.8 and 1.10.1 (upst...
Consul’s Application-Aware Intentions Deny Action Fails Open When Combined With Default Deny Policy
Summary A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using defaultpolicy = "deny" with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. This vulnerability, CVE-2021-36213,...