Security Advisories

CGA-rj2p-766g-qgvf

https://images.chainguard.dev/security/CGA-rj2p-766g-qgvf
Package: consul-1.16

Latest Update: Not affected

Aliases:
  • CVE-2022-40716
  • GHSA-m69r-9g56-7mv8

Severity: 6.5 (Medium, CVSS v3)

Summary

HashiCorp Consul vulnerable to authorization bypass

Description

HashiCorp Consul and Consul Enterprise versions prior to 1.11.9, 1.12.5, and 1.13.2 do not check for multiple SAN URI values in a CSR submitted to the internal RPC endpoint, allowing an actor who already holds privileged access to bypass service mesh intentions. A specially crafted CSR sent directly to Consul's internal server agent RPC endpoint can include multiple SAN URI values carrying additional service names. This issue has been fixed in versions 1.11.9, 1.12.5, and 1.13.2. There are no known workarounds.

References

Updates
