Lucene search
+L

6 matches found

osv
osv
added 2022/09/25 12:0 a.m.35 views

GHSA-M69R-9G56-7MV8 HashiCorp Consul vulnerable to authorization bypass

HashiCorp Consul and Consul Enterprise versions prior to 1.11.9, 1.12.5, and 1.13.2 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. A specially crafted CSR sent directly to Consul’s internal...

6.5CVSS6.4AI score0.00849EPSS
Exploits0References8
nvd
nvd
added 2022/09/23 12:15 p.m.26 views

CVE-2022-40716

HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."...

6.5CVSS0.00849EPSS
Exploits0References5
prion
prion
added 2022/09/23 12:15 p.m.23 views

Design/Logic Flaw

HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."...

4CVSS6.7AI score0.00849EPSS
Exploits0References5Affected Software1
cve
cve
added 2022/09/23 12:0 a.m.483 views

CVE-2022-40716

HashiCorp Consul and Consul Enterprise are affected by CVE-2022-40716 due to not checking multiple SAN URI values in a CSR on the internal RPC endpoint. Affected versions: Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1. Fixed in 1.11.9, 1.12.5, and 1.13.2. The issue enables privile...

6.5CVSS7AI score0.00849EPSS
Exploits0References5Affected Software1
vulnrichment
vulnrichment
added 2022/09/23 12:0 a.m.4 views

CVE-2022-40716

HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."...

6.7AI score0.00849EPSS
Exploits0References5
cvelist
cvelist
added 2022/09/23 12:0 a.m.32 views

CVE-2022-40716

HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."...

7.5AI score0.00849EPSS
Exploits0References5
Rows per page
Query Builder