CGA-93vm-8hwv-p2wr

Published

Last updated

https://images.chainguard.dev/security/CGA-93vm-8hwv-p2wr

Package

consul-1.17-fips

Latest Update

Not affected

Aliases

CVE-2021-38698
GHSA-6hw5-6gcx-phmw

Severity

6.5

Medium

CVSS V3

Summary

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.

Description

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-38698
https://github.com/advisories/GHSA-6hw5-6gcx-phmw
https://github.com/hashicorp/consul/pull/10824
https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026
https://github.com/hashicorp/consul
https://security.gentoo.org/glsa/202208-09
https://www.hashicorp.com/blog/category/consul

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-93vm-8hwv-p2wr

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources