Consul Auto-Config JWT Authorization Missing Input Validation
Summary A vulnerability was identified in Consul and Consul Enterprise “Consul” such that a specially crafted auto-config request allows TLS certificate and ACL token to be generated for a node name not intended by the operator. This vulnerability, CVE-2021-41803, was fixed in Consul 1.11.9,...