Consul Service Mesh Intention Bypass with Malicious Certificate Signing Request
Summary A vulnerability was identified in Consul and Consul Enterprise “Consul” such that a specially crafted CSR sent directly to Consul’s internal server agent RPC endpoint can include multiple SAN URI values with additional service names. This vulnerability, CVE-2022-40716, was fixed in Consul...