CVE-2021-38698

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-38698

Severity

Unknown

Description

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.

References

https://images.chainguard.dev/security/CGA-ggfp-f887-7www
https://github.com/advisories/GHSA-6hw5-6gcx-phmw
https://images.chainguard.dev/security/CGA-8p4m-vvx4-587w
https://images.chainguard.dev/security/CGA-j7jw-wg8m-9hhh
https://images.chainguard.dev/security/CGA-93vm-8hwv-p2wr
https://images.chainguard.dev/security/CGA-xmg9-6fc3-8jxc
https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026
https://security.gentoo.org/glsa/202208-09
https://www.hashicorp.com/blog/category/consul
https://security-tracker.debian.org/tracker/CVE-2021-38698

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2021-38698

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources