Consul’s Envoy TLS Configuration Did Not Validate Destination Service Subject Alternative Names
Summary A vulnerability was identified in Consul and Consul Enterprise “Consul” such that the Envoy proxy configuration for Consul Connect does not mutually verify the destination service identity. This vulnerability, CVE-2021-32574, affects Consul versions 1.3.0 up to 1.10.0, and is fixed in the...