CVE-2021-37219

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-37219

Severity

Unknown

Description

HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.

References

https://images.chainguard.dev/security/CGA-xw46-g57p-x8jh
https://github.com/advisories/GHSA-ccw8-7688-vqx4
https://images.chainguard.dev/security/CGA-327x-gm8r-8mp5
https://images.chainguard.dev/security/CGA-9fxc-gjpw-fw7h
https://images.chainguard.dev/security/CGA-3wcw-r755-6qxj
https://images.chainguard.dev/security/CGA-qgh6-gr3q-8jp4
https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024
https://security.gentoo.org/glsa/202207-01
https://www.hashicorp.com/blog/category/consul
https://security-tracker.debian.org/tracker/CVE-2021-37219

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2021-37219

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources