
6 matches found

OSV
added 2022/09/25 12:0 a.m. · 35 views

GHSA-M69R-9G56-7MV8 HashiCorp Consul vulnerable to authorization bypass

HashiCorp Consul and Consul Enterprise versions prior to 1.11.9, 1.12.5, and 1.13.2 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. A specially crafted CSR sent directly to Consul’s internal...

CVSS 6.5 · AI score 6.4 · EPSS 0.00361
Exploits 0 · References 8
OSV
added 2022/09/23 12:15 p.m. · 2 views

DEBIAN-CVE-2022-40716

HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2. ...

CVSS 6.5 · AI score 6.8 · EPSS 0.00361
Exploits 0 · References 1
Positive Technologies
added 2022/09/23 12:0 a.m. · 1 views

PT-2022-25492 · Hashicorp +3 · Hashicorp Consul +4

Name of the Vulnerable Software and Affected Versions: HashiCorp Consul and Consul Enterprise versions prior to 1.11.9, 1.12.5, and 1.13.2 Description: The issue concerns HashiCorp Consul and Consul Enterprise, where versions prior to 1.11.9, 1.12.5, and 1.13.2 do not check for multiple SAN URI...

CVSS 8.8 · AI score 6.4 · EPSS 0.87755
Exploits 3 · References 54
Cvelist
added 2022/09/23 12:0 a.m. · 20 views

CVE-2022-40716

HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2. ...

AI score 7.5 · EPSS 0.00361
Exploits 0 · References 5
seebug.org
added 2017/03/22 12:0 a.m. · 40 views

LastPass websiteConnector.js content script allows proxying internal RPC commands

noticed this entry in the contentscript array from the LastPass manifest: "matches": "https://1min-ui-prod.service.lastpass.com/", "js": "1minsignup/chrome/websiteConnector.js", "all_frames": true, "run_at": "document_end", That's a content script that is only used for one specific lastpass.com...

AI score 7.2
Exploits 0
securityvulns
added 2006/08/14 12:0 a.m. · 43 views

Symantec Backup Exec buffer overflow

Buffer overflow in internal RPC-based protocol...

AI score 4.1
Exploits 0 · References 1 · Affected Software 1