CVE-2022-29153

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2022-29153

Severity

Unknown

Description

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.

References

https://images.chainguard.dev/security/CGA-qfjm-7vpv-9jgw
https://github.com/advisories/GHSA-q6h7-4qgw-2j9p
https://images.chainguard.dev/security/CGA-847c-5xgj-vrqc
https://images.chainguard.dev/security/CGA-2xjj-6666-9x77
https://images.chainguard.dev/security/CGA-xwpx-xqfp-9pvm
https://images.chainguard.dev/security/CGA-w54c-5ggx-mr83
https://discuss.hashicorp.com
https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/
https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
https://security.gentoo.org/glsa/202208-09
https://security.netapp.com/advisory/ntap-20220602-0005/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH/
https://security-tracker.debian.org/tracker/CVE-2022-29153

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2022-29153

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources