3 matches found
GHSA-M69R-9G56-7MV8 HashiCorp Consul vulnerable to authorization bypass
HashiCorp Consul and Consul Enterprise versions prior to 1.11.9, 1.12.5, and 1.13.2 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. A specially crafted CSR sent directly to Consul’s internal...
CVE-2022-40716
HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."...
PT-2022-25492 · Hashicorp +3 · Hashicorp Consul +4
Name of the Vulnerable Software and Affected Versions: HashiCorp Consul and Consul Enterprise versions prior to 1.11.9, 1.12.5, and 1.13.2 Description: The issue concerns HashiCorp Consul and Consul Enterprise, where versions prior to 1.11.9, 1.12.5, and 1.13.2 do not check for multiple SAN URI...