CVE-2019-9764

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2019-9764

Severity

7.4

High

CVSS V3

Description

HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actually set to true. This is fixed in 1.4.4.

References

https://images.chainguard.dev/security/CGA-93gv-hv4c-83gx
https://github.com/advisories/GHSA-q7fx-wm2p-qfj8
https://images.chainguard.dev/security/CGA-phwr-cqx8-jcpx
https://images.chainguard.dev/security/CGA-cp9w-mfrq-958q
https://images.chainguard.dev/security/CGA-jj23-wmwc-85r9
https://images.chainguard.dev/security/CGA-f8gh-26vj-59c8
https://github.com/hashicorp/consul/issues/5519

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2019-9764

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company