21 matches found
EUVD-2024-3020
Malicious code in bioql PyPI...
EUVD-2024-2948
Malicious code in bioql PyPI...
ROS-20241121-06
A vulnerability in the Consul service configuration tool is related to the use of URL paths in L7 traffic. Exploitation of the vulnerability could allow an attacker acting remotely to bypass access rules based on HTTP request paths. The vulnerability in the Consul service...
Path Traversal
github.com/hashicorp/consul is vulnerable to Path Traversal. The vulnerability is due to the bypass of HTTP request path-based access rules when using URL paths in L7 traffic intentions, allowing unauthorized access in specific scenarios...
BIT-CONSUL-2024-10005 Consul L7 Intentions Vulnerable To URL Path Bypass
A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...
CVE-2024-10005
A vulnerability was found in HashiCorp Consul. Due to a lack of path normalization, URL paths in L7 traffic intentions can be exploited to bypass permissions defined in the intentions. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the...
GHSA-CHGM-7R52-WHJJ Hashicorp Consul Path Traversal vulnerability
A vulnerability was identified in Consul and Consul Enterprise "Consul" such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...
Hashicorp Consul Path Traversal vulnerability
A vulnerability was identified in Consul and Consul Enterprise "Consul" such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...
Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability
A vulnerability was identified in Consul and Consul Enterprise "Consul" such that using Headers in L7 traffic intentions could bypass HTTP header based access rules...
CVE-2024-10006
A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using Headers in L7 traffic intentions could bypass HTTP header based access rules...
CVE-2024-10006
A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using Headers in L7 traffic intentions could bypass HTTP header based access rules...
CVE-2024-10005
A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...
CVE-2024-10005
A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...
CVE-2024-10006 Consul L7 Intentions Vulnerable To Headers Bypass
A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using Headers in L7 traffic intentions could bypass HTTP header based access rules...
CVE-2024-10005 Consul L7 Intentions Vulnerable To URL Path Bypass
A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...
CVE-2024-10005
CVE-2024-10005 affects Consul and Consul Enterprise. The issue arises from using URL paths in L7 traffic intentions, allowing bypass of HTTP request path-based access rules. Evidence from multiple sources (NVD entry and industry advisories) confirms the vulnerability in Consul’s URL path handling...
CVE-2024-10005
A vulnerability was identified in Consul and Consul Enterprise “Consul” such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules...
PT-2024-8623 · Hashicorp +4 · Hashicorp Consul +4
Name of the Vulnerable Software and Affected Versions: Consul versions 1.9.0 through 1.20.1. Description: A vulnerability was identified in Consul such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules. This issue allows a remote attacker to bypass...
CVE-2021-36213
HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1...
Design/Logic Flaw
HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1...