CVE-2021-41803

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-41803

CGA ID

CGA-x38p-p6h4-33cc

Severity

Unknown

Description

HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."

References

https://images.chainguard.dev/security/CGA-x38p-p6h4-33cc
https://github.com/advisories/GHSA-hr3v-8cp3-68rf
https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627
https://www.hashicorp.com/blog/category/consul
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
https://security-tracker.debian.org/tracker/CVE-2021-41803

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2021-41803

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources