


    72 vulnerabilities found for consul by hashicorp

    CVE-2026-2808 (GCVE-0-2026-2808)

    Vulnerability from nvd – Published: 2026-03-11 23:08 – Updated: 2026-04-17 17:57
    Title
    Consul vulnerable to arbitrary file reads through the Vault Kubernetes authentication provider
    Summary
    HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10, and 1.22.4, are vulnerable to arbitrary file read when configured with Kubernetes authentication (CWE-59, link following). Per the CNA's CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N, 6.8 Medium), exploitation is over the network but requires a highly privileged caller; the impact is confidentiality-only and scope-changed, i.e. the vector asserts that the files read lie outside the vulnerable component's own security scope. CVE-2026-2808 is fixed in Consul 1.18.21, 1.21.11 and 1.22.5. Triage caveat: the machine-readable affected range below is "0, < 1.22.5" for both editions, and the 1.18.21/1.21.11 backports are recorded as unaffected only on the Consul Enterprise entry, so version-matching tools will flag Community Edition 1.18.21 and 1.21.11 as affected even though the advisory text lists them as fixed — confirm against HCSEC-2026-02 before acting on a scanner hit.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access (Link Following)
    Assigner: HashiCorp
    Impacted products
    Vendor Product Version
    HashiCorp Consul Affected: 0 , < 1.22.5 (semver)
    HashiCorp Consul Enterprise Affected: 0 , < 1.22.5 (semver)
    Credits
    This issue was identified by Defang Bo.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2808",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-12T13:28:18.993425Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-12T13:28:26.972Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "lessThan": "1.22.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul Enterprise",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.21.11",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.18.21",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.22.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was identified by Defang Bo."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eHashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.\u003c/p\u003e\u003cbr/\u003e"
                }
              ],
              "value": "HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-23",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-23: File Content Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59: Improper Link Resolution Before File Access (Link Following)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-17T17:57:55.646Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2026-02-consul-vulnerable-to-arbitrary-file-reads-through-the-vault-kubernetes-authentication-provider/77232"
            }
          ],
          "source": {
            "advisory": "HCSEC-2026-02",
            "discovery": "EXTERNAL"
          },
          "title": "Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2026-2808",
        "datePublished": "2026-03-11T23:08:32.414Z",
        "dateReserved": "2026-02-19T15:17:24.550Z",
        "dateUpdated": "2026-04-17T17:57:55.646Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11375 (GCVE-0-2025-11375)

    Vulnerability from nvd – Published: 2025-10-28 20:12 – Updated: 2025-12-09 01:37
    Title
    Consul's event endpoint is vulnerable to denial of service
    Summary
    Consul and Consul Enterprise's ("Consul") event endpoint is vulnerable to denial of service (DoS) because no maximum is enforced on the request's Content-Length header (CWE-770, allocation of resources without limits). CVSS 3.1 6.5 Medium (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H): reachable over the network by a low-privileged caller, with an availability-only impact. CVE-2025-11375 is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12. Note that the 1.21.6/1.20.8/1.18.12 backports are recorded only on the Enterprise entry; Community Edition deployments on the 1.18–1.21 lines need to move to 1.22.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner: HashiCorp
    Impacted products
    Vendor Product Version
    HashiCorp Consul Affected: 0 , < 1.22.0 (semver)
    HashiCorp Consul Enterprise Affected: 0 , < 1.22.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11375",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-29T17:34:13.959341Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-29T17:34:25.690Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "lessThan": "1.22.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul Enterprise",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.21.6",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.20.8",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.18.12",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.22.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eConsul and Consul Enterprise\u2019s (\u201cConsul\u201d) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.\u003c/p\u003e\u003cbr/\u003e"
                }
              ],
              "value": "Consul and Consul Enterprise\u2019s (\u201cConsul\u201d) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-469",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-469: HTTP DoS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-09T01:37:57.188Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2025-28-consuls-event-endpoint-is-vulnerable-to-denial-of-service/76723"
            }
          ],
          "source": {
            "advisory": "HCSEC-2025-28",
            "discovery": "EXTERNAL"
          },
          "title": "Consul\u0027s event endpoint is vulnerable to denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2025-11375",
        "datePublished": "2025-10-28T20:12:14.325Z",
        "dateReserved": "2025-10-06T15:34:11.889Z",
        "dateUpdated": "2025-12-09T01:37:57.188Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11374 (GCVE-0-2025-11374)

    Vulnerability from nvd – Published: 2025-10-28 20:19 – Updated: 2026-04-17 18:34
    Title
    Consul's KV endpoint is vulnerable to denial of service
    Summary
    Consul and Consul Enterprise's ("Consul") key/value endpoint is vulnerable to denial of service (DoS) due to incorrect validation of the request's Content-Length header (CWE-770, allocation of resources without limits). CVSS 3.1 6.5 Medium (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H): reachable over the network by a low-privileged caller, with an availability-only impact. CVE-2025-11374 is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12. As with CVE-2025-11375, the backports are recorded only on the Enterprise entry; Community Edition on the 1.18–1.21 lines needs 1.22.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner: HashiCorp
    Impacted products
    Vendor Product Version
    HashiCorp Consul Affected: 0 , < 1.22.0 (semver)
    HashiCorp Consul Enterprise Affected: 0 , < 1.22.0 (semver)
    Credits
    This issue was identified by Julien Ahrens from RCE Security (https://www.rcesecurity.com/).

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11374",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-28T20:35:54.518844Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-28T20:36:06.085Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "lessThan": "1.22.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul Enterprise",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.21.6",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.20.8",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.18.12",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.22.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was identified by Julien Ahrens from RCE Security ([https://www.rcesecurity.com/|https://www.rcesecurity.com/|smart-link] )."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eConsul and Consul Enterprise\u2019s (\u201cConsul\u201d) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.\u003c/p\u003e\u003cbr/\u003e"
                }
              ],
              "value": "Consul and Consul Enterprise\u2019s (\u201cConsul\u201d) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-469",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-469: HTTP DoS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-17T18:34:14.829Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2025-29-consuls-kv-endpoint-is-vulnerable-to-denial-of-service/76724"
            }
          ],
          "source": {
            "advisory": "HCSEC-2025-29",
            "discovery": "EXTERNAL"
          },
          "title": "Consul\u0027s KV endpoint is vulnerable to denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2025-11374",
        "datePublished": "2025-10-28T20:19:05.292Z",
        "dateReserved": "2025-10-06T15:34:09.965Z",
        "dateUpdated": "2026-04-17T18:34:14.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-10086 (GCVE-0-2024-10086)

    Vulnerability from nvd – Published: 2024-10-30 21:21 – Updated: 2025-01-10 13:06
    Title
    Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation
    Summary
    A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, so user-provided input reflected in the response could be misinterpreted (e.g. content-sniffed as HTML) and lead to reflected XSS (CWE-79). CVSS 3.1 6.1 Medium (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N): no authentication is required, but a victim must be induced to open a crafted link. Affected: 1.4.1 up to (excluding) 1.20.0. The Consul Enterprise entry additionally records 1.19.3, 1.18.5 and 1.15.15 as unaffected backports, whereas the Community Edition entry lists only the 1.20.0 boundary.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation
    Assigner: HashiCorp
    Impacted products
    Vendor Product Version
    HashiCorp Consul Affected: 1.4.1 , < 1.20.0 (semver)
    HashiCorp Consul Enterprise Affected: 1.4.1 , < 1.20.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10086",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-31T13:49:16.403136Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T13:49:28.120Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-01-10T13:06:42.658Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250110-0006/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "lessThan": "1.20.0",
                  "status": "affected",
                  "version": "1.4.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul Enterprise",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.19.3",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.18.5",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.15.15",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.20.0",
                  "status": "affected",
                  "version": "1.4.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.\u003c/p\u003e\u003cbr/\u003e"
                }
              ],
              "value": "A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63: Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-30T21:21:46.559Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2024-24-consul-vulnerable-to-reflected-xss-on-content-type-error-manipulation"
            }
          ],
          "source": {
            "advisory": "HCSEC-2024-24",
            "discovery": "EXTERNAL"
          },
          "title": "Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2024-10086",
        "datePublished": "2024-10-30T21:21:46.559Z",
        "dateReserved": "2024-10-17T15:23:28.133Z",
        "dateUpdated": "2025-01-10T13:06:42.658Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10006 (GCVE-0-2024-10006)

    Vulnerability from nvd – Published: 2024-10-30 21:20 – Updated: 2025-01-10 13:06
    Title
    Consul L7 Intentions Vulnerable To Headers Bypass
    Summary
    A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that HTTP header matching in L7 traffic intentions could be bypassed, allowing requests that header-based intention rules should have denied (CWE-644, improper neutralization of HTTP headers). SSVC rates this as automatable. Affected: 1.9.0 up to (excluding) 1.20.1; the CISA ADP entry records 1.19.3, 1.18.5 and 1.15.15 as unaffected for the Enterprise CPE. Deployments relying on header-based intentions as an access-control boundary should treat affected versions as not enforcing those rules until patched.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-644 - Improper Neutralization of HTTP Headers
    Assigner: HashiCorp
    Impacted products
    Vendor Product Version
    HashiCorp Consul Affected: 1.9.0 , < 1.20.1 (semver)
    HashiCorp Consul Enterprise Affected: 1.9.0 , < 1.20.1 (semver)
    hashicorp consul Affected: 1.9.0 , < 1.20.1 (semver)
    Unaffected: 1.19.3
    Unaffected: 1.18.5
    Unaffected: 1.15.15
        cpe:2.3:a:hashicorp:consul:-:*:*:*:enterprise:*:*:*
    hashicorp consul Affected: 1.9.0 , < 1.20.1 (semver)
        cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hashicorp:consul:-:*:*:*:enterprise:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "consul",
                "vendor": "hashicorp",
                "versions": [
                  {
                    "lessThan": "1.20.1",
                    "status": "affected",
                    "version": "1.9.0",
                    "versionType": "semver"
                  },
                  {
                    "status": "unaffected",
                    "version": "1.19.3"
                  },
                  {
                    "status": "unaffected",
                    "version": "1.18.5"
                  },
                  {
                    "status": "unaffected",
                    "version": "1.15.15"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "consul",
                "vendor": "hashicorp",
                "versions": [
                  {
                    "lessThan": "1.20.1",
                    "status": "affected",
                    "version": "1.9.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10006",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-31T13:49:58.696502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T13:59:13.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-01-10T13:06:41.296Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250110-0005/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "lessThan": "1.20.1",
                  "status": "affected",
                  "version": "1.9.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul Enterprise",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.19.3",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.18.5",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.15.15",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.20.1",
                  "status": "affected",
                  "version": "1.9.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability was identified in Consul and Consul Enterprise (\u201cConsul\u201d) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.\u003c/p\u003e\u003cbr/\u003e"
                }
              ],
              "value": "A vulnerability was identified in Consul and Consul Enterprise (\u201cConsul\u201d) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-220",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-220: Client-Server Protocol Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-644",
                  "description": "CWE-644: Improper Neutralization of HTTP Headers",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-30T21:20:37.011Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2024-23-consul-l7-intentions-vulnerable-to-headers-bypass"
            }
          ],
          "source": {
            "advisory": "HCSEC-2024-23",
            "discovery": "EXTERNAL"
          },
          "title": "Consul L7 Intentions Vulnerable To Headers Bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2024-10006",
        "datePublished": "2024-10-30T21:20:37.011Z",
        "dateReserved": "2024-10-15T17:46:48.500Z",
        "dateUpdated": "2025-01-10T13:06:41.296Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10005 (GCVE-0-2024-10005)

    Vulnerability from nvd – Published: 2024-10-30 21:19 – Updated: 2025-01-10 13:06
    Title
    Consul L7 Intentions Vulnerable To URL Path Bypass
    Summary
    A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
    Assigner
    Impacted products
    Vendor Product Version
    HashiCorp Consul Affected: 1.9.0 , < 1.20.1 (semver)
    HashiCorp Consul Enterprise Affected: 1.9.0 , < 1.20.1 (semver)
    hashicorp consul Affected: 1.9.0 , < 1.20.1 (semver)
    Unaffected: 1.19.3
    Unaffected: 1.18.5
    Unaffected: 1.15.15
        cpe:2.3:a:hashicorp:consul:-:*:*:*:enterprise:*:*:*
    hashicorp consul Affected: 1.9.0 , < 1.20.1 (semver)
        cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hashicorp:consul:-:*:*:*:enterprise:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "consul",
                "vendor": "hashicorp",
                "versions": [
                  {
                    "lessThan": "1.20.1",
                    "status": "affected",
                    "version": "1.9.0",
                    "versionType": "semver"
                  },
                  {
                    "status": "unaffected",
                    "version": "1.19.3"
                  },
                  {
                    "status": "unaffected",
                    "version": "1.18.5"
                  },
                  {
                    "status": "unaffected",
                    "version": "1.15.15"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "consul",
                "vendor": "hashicorp",
                "versions": [
                  {
                    "lessThan": "1.20.1",
                    "status": "affected",
                    "version": "1.9.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-31T13:59:37.966921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T14:01:55.370Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-01-10T13:06:39.935Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250110-0004/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "lessThan": "1.20.1",
                  "status": "affected",
                  "version": "1.9.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul Enterprise",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.19.3",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.18.5",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.15.15",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.20.1",
                  "status": "affected",
                  "version": "1.9.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability was identified in Consul and Consul Enterprise (\u201cConsul\u201d) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.\u003c/p\u003e\u003cbr/\u003e"
                }
              ],
              "value": "A vulnerability was identified in Consul and Consul Enterprise (\u201cConsul\u201d) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126: Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-30T21:19:22.576Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2024-22-consul-l7-intentions-vulnerable-to-url-path-bypass"
            }
          ],
          "source": {
            "advisory": "HCSEC-2024-22",
            "discovery": "EXTERNAL"
          },
          "title": "Consul L7 Intentions Vulnerable To URL Path Bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2024-10005",
        "datePublished": "2024-10-30T21:19:22.576Z",
        "dateReserved": "2024-10-15T17:46:30.633Z",
        "dateUpdated": "2025-01-10T13:06:39.935Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5332 (GCVE-0-2023-5332)

    Vulnerability from nvd – Published: 2023-12-04 06:30 – Updated: 2024-10-03 06:23
    Title
    Dependency on Vulnerable Third-Party Component in GitLab
    Summary
    The patch in the third-party library Consul requires 'enable-script-checks' to be set to False. This setting was required to enable the vendor's patch; without it the patch could be bypassed. This only affects GitLab-EE.
    CWE
    • CWE-1395 - Dependency on Vulnerable Third-Party Component
    Assigner
    Impacted products
    Vendor Product Version
    GitLab GitLab Affected: 9.5.0 , < 16.2.8 (semver)
    Affected: 16.3.0 , < 16.3.5 (semver)
    Affected: 16.4 , < 16.4.1 (semver)
        cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
    Credits
    This issue was reported internally.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:52:08.548Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GitLab Issue #8171",
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8171"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "GitLab",
              "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
              "vendor": "GitLab",
              "versions": [
                {
                  "lessThan": "16.2.8",
                  "status": "affected",
                  "version": "9.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "16.3.5",
                  "status": "affected",
                  "version": "16.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "16.4.1",
                  "status": "affected",
                  "version": "16.4",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "This issue was reported internally."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Patch in third party library Consul requires \u0027enable-script-checks\u0027 to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1395",
                  "description": "CWE-1395: Dependency on Vulnerable Third-Party Component",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-03T06:23:16.051Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "name": "GitLab Issue #8171",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8171"
            },
            {
              "url": "https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to versions 16.2.8, 16.3.5, 16.4.1 or above."
            }
          ],
          "title": "Dependency on Vulnerable Third-Party Component in GitLab"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2023-5332",
        "datePublished": "2023-12-04T06:30:33.856Z",
        "dateReserved": "2023-10-02T12:01:25.316Z",
        "dateUpdated": "2024-10-03T06:23:16.051Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3518 (GCVE-0-2023-3518)

    Vulnerability from nvd – Published: 2023-08-09 15:06 – Updated: 2024-10-08 14:56
    Title
    JWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for Access
    Summary
    HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:03.386Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2023-25-consul-jwt-auth-in-l7-intentions-allow-for-mismatched-service-identity-and-jwt-providers/57004"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3518",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T14:42:29.313810Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T14:56:28.934Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.16.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul Enterprise",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.16.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eHashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.\u003c/p\u003e\u003cbr/\u003e"
                }
              ],
              "value": "HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "CWE-266: Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-26T21:02:13.649Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2023-25-consul-jwt-auth-in-l7-intentions-allow-for-mismatched-service-identity-and-jwt-providers/57004"
            }
          ],
          "source": {
            "advisory": "HCSEC-2023-25",
            "discovery": "INTERNAL"
          },
          "title": "JWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for Access"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2023-3518",
        "datePublished": "2023-08-09T15:06:52.406Z",
        "dateReserved": "2023-07-05T21:02:24.890Z",
        "dateUpdated": "2024-10-08T14:56:28.934Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2816 (GCVE-0-2023-2816)

    Vulnerability from nvd – Published: 2023-06-02 22:43 – Updated: 2024-10-07 20:12
    Title
    Consul Envoy Extension Downstream Proxy Configuration By Upstream Service Owner
    Summary
    Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    Impacted products
    Vendor Product Version
    HashiCorp Consul Affected: 1.15.0
    Affected: 1.15.1
    Affected: 1.15.2
    HashiCorp Consul Enterprise Affected: 1.15.0
    Affected: 1.15.1
    Affected: 1.15.2
    hashicorp consul Affected: 1.15.0 , ≤ 1.15.2 (custom)
        cpe:2.3:a:hashicorp:consul:1.15.0:*:*:*:-:*:*:*
    hashicorp consul Affected: 1.15.0 , ≤ 1.15.2 (custom)
        cpe:2.3:a:hashicorp:consul:1.15.0:*:*:*:enterprise:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hashicorp:consul:1.15.0:*:*:*:-:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "consul",
                "vendor": "hashicorp",
                "versions": [
                  {
                    "lessThanOrEqual": "1.15.2",
                    "status": "affected",
                    "version": "1.15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hashicorp:consul:1.15.0:*:*:*:enterprise:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "consul",
                "vendor": "hashicorp",
                "versions": [
                  {
                    "lessThanOrEqual": "1.15.2",
                    "status": "affected",
                    "version": "1.15.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2816",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-07T20:11:32.907747Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-07T20:12:01.627Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:05.672Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2023-16-consul-envoy-extension-downstream-proxy-configuration-by-upstream-service-owner/54525"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.15.0"
                },
                {
                  "status": "affected",
                  "version": "1.15.1"
                },
                {
                  "status": "affected",
                  "version": "1.15.2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul Enterprise",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.15.0"
                },
                {
                  "status": "affected",
                  "version": "1.15.1"
                },
                {
                  "status": "affected",
                  "version": "1.15.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eConsul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.\u003c/p\u003e\u003cbr/\u003e"
                }
              ],
              "value": "Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-113",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-113: Interface Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "CWE-266: Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-26T18:59:27.367Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2023-16-consul-envoy-extension-downstream-proxy-configuration-by-upstream-service-owner/54525"
            }
          ],
          "source": {
            "advisory": "HCSEC-2023-16",
            "discovery": "INTERNAL"
          },
          "title": "Consul Envoy Extension Downstream Proxy Configuration By Upstream Service Owner"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2023-2816",
        "datePublished": "2023-06-02T22:43:34.553Z",
        "dateReserved": "2023-05-19T18:11:06.618Z",
        "dateUpdated": "2024-10-07T20:12:01.627Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1297 (GCVE-0-2023-1297)

    Vulnerability from nvd – Published: 2023-06-02 22:48 – Updated: 2025-01-08 17:51
    Title
    Consul Cluster Peering can Result in Denial of Service
    Summary
    Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with a service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5 and 1.15.3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-826 - Premature Release of Resource During Expected Lifetime
    Assigner
    Impacted products
    Vendor Product Version
    HashiCorp Consul Affected: 1.14.0 , ≤ 1.14.5 (semver)
    Affected: 1.15.0 , ≤ 1.15.3 (semver)
    HashiCorp Consul Enterprise Affected: 1.14.0 , ≤ 1.14.5 (semver)
    Affected: 1.15.0 , ≤ 1.15.3 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:41:00.070Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1297",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-08T17:50:24.766676Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-08T17:51:02.037Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "lessThanOrEqual": "1.14.5",
                  "status": "affected",
                  "version": "1.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.15.3",
                  "status": "affected",
                  "version": "1.15.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul Enterprise",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "lessThanOrEqual": "1.14.5",
                  "status": "affected",
                  "version": "1.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.15.3",
                  "status": "affected",
                  "version": "1.15.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To exploit this vulnerability, an attacker requires access to an ACL token with service:write permissions in a cluster that uses cluster peering."
                }
              ],
              "value": "Consul and Consul Enterprise\u0027s cluster peering implementation contained a flaw whereby a peer cluster with a service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5 and 1.15.3."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-176",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-176: Configuration/Environment Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-826",
                  "description": "CWE-826: Premature Release of Resource During Expected Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-02T22:48:28.938Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Consul Cluster Peering can Result in Denial of Service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2023-1297",
        "datePublished": "2023-06-02T22:48:28.938Z",
        "dateReserved": "2023-03-09T18:51:51.406Z",
        "dateUpdated": "2025-01-08T17:51:02.037Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0845 (GCVE-0-2023-0845)

    Vulnerability from nvd – Published: 2023-03-09 15:14 – Updated: 2025-02-28 16:24
    Title
    Consul Server Panic when Ingress and API Gateways Configured with Peering
    Summary
    Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - Null Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    HashiCorp Consul Affected: 1.14.0
    Affected: 1.14.1
    Affected: 1.14.2
    Affected: 1.14.3
    Affected: 1.14.4
    HashiCorp Consul Enterprise Affected: 1.14.0
    Affected: 1.14.1
    Affected: 1.14.2
    Affected: 1.14.3
    Affected: 1.14.4

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:24:34.464Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2023-06-consul-server-panic-when-ingress-and-api-gateways-configured-with-peering-connections/51197"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0845",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T16:24:00.841526Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T16:24:23.430Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.14.0"
                },
                {
                  "status": "affected",
                  "version": "1.14.1"
                },
                {
                  "status": "affected",
                  "version": "1.14.2"
                },
                {
                  "status": "affected",
                  "version": "1.14.3"
                },
                {
                  "status": "affected",
                  "version": "1.14.4"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul Enterprise",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.14.0"
                },
                {
                  "status": "affected",
                  "version": "1.14.1"
                },
                {
                  "status": "affected",
                  "version": "1.14.2"
                },
                {
                  "status": "affected",
                  "version": "1.14.3"
                },
                {
                  "status": "affected",
                  "version": "1.14.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To exploit this vulnerability, an attacker requires access to an ACL token with service:write permissions, and there needs to be at least one running ingress or API gateway that is configured to route traffic to an upstream service."
                }
              ],
              "value": "Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-113",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-113: Interface Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: Null Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-15T20:06:19.253Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2023-06-consul-server-panic-when-ingress-and-api-gateways-configured-with-peering-connections/51197"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Consul Server Panic when Ingress and API Gateways Configured with Peering"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2023-0845",
        "datePublished": "2023-03-09T15:14:26.581Z",
        "dateReserved": "2023-02-15T15:53:44.942Z",
        "dateUpdated": "2025-02-28T16:24:23.430Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3920 (GCVE-0-2022-3920)

    Vulnerability from nvd – Published: 2022-11-15 23:25 – Updated: 2025-04-29 20:02
    Title
    Consul Peering Imported Nodes/Services Leak
    Summary
    HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster peering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    HashiCorp Consul Affected: 1.13.0
    Affected: 1.13.1
    Affected: 1.13.2
    Affected: 1.13.3
    HashiCorp Consul Enterprise Affected: 1.13.0
    Affected: 1.13.1
    Affected: 1.13.2
    Affected: 1.13.3

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:20:58.854Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3920",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-29T20:01:41.541343Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-29T20:02:00.547Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.13.0"
                },
                {
                  "status": "affected",
                  "version": "1.13.1"
                },
                {
                  "status": "affected",
                  "version": "1.13.2"
                },
                {
                  "status": "affected",
                  "version": "1.13.3"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul Enterprise",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.13.0"
                },
                {
                  "status": "affected",
                  "version": "1.13.1"
                },
                {
                  "status": "affected",
                  "version": "1.13.2"
                },
                {
                  "status": "affected",
                  "version": "1.13.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster peering\u0027s imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0."
                }
              ],
              "value": "HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster peering\u0027s imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-15T23:25:30.161Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Consul Peering Imported Nodes/Services Leak"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2022-3920",
        "datePublished": "2022-11-15T23:25:30.161Z",
        "dateReserved": "2022-11-09T23:10:38.071Z",
        "dateUpdated": "2025-04-29T20:02:00.547Z",
        "requesterUserId": "5311d85b-fc2e-473d-9ddd-71031e52448b",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-40716 (GCVE-0-2022-40716)

    Vulnerability from nvd – Published: 2022-09-23 00:00 – Updated: 2025-05-27 14:54
    Summary
    HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-252 - Unchecked Return Value
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:21:46.762Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628"
              },
              {
                "name": "FEDORA-2023-9f5f1ef40a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/"
              },
              {
                "name": "FEDORA-2023-cf3551046d",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/"
              },
              {
                "name": "FEDORA-2023-b9c1d0e4c5",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-40716",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-27T14:54:18.423794Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-252",
                    "description": "CWE-252 Unchecked Return Value",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-27T14:54:21.059Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-15T20:06:30.853Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com"
            },
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628"
            },
            {
              "name": "FEDORA-2023-9f5f1ef40a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/"
            },
            {
              "name": "FEDORA-2023-cf3551046d",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/"
            },
            {
              "name": "FEDORA-2023-b9c1d0e4c5",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-40716",
        "datePublished": "2022-09-23T00:00:00.000Z",
        "dateReserved": "2022-09-14T00:00:00.000Z",
        "dateUpdated": "2025-05-27T14:54:21.059Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-41803 (GCVE-0-2021-41803)

    Vulnerability from nvd – Published: 2022-09-23 00:00 – Updated: 2025-05-27 15:22
    Summary
    HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-862 - Missing Authorization
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:22:24.351Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.hashicorp.com/blog/category/consul"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627"
              },
              {
                "name": "FEDORA-2023-9f5f1ef40a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/"
              },
              {
                "name": "FEDORA-2023-cf3551046d",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/"
              },
              {
                "name": "FEDORA-2023-b9c1d0e4c5",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-41803",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-27T15:21:40.244278Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-862",
                    "description": "CWE-862 Missing Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-27T15:22:09.400Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-15T20:06:23.780Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.hashicorp.com/blog/category/consul"
            },
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627"
            },
            {
              "name": "FEDORA-2023-9f5f1ef40a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/"
            },
            {
              "name": "FEDORA-2023-cf3551046d",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/"
            },
            {
              "name": "FEDORA-2023-b9c1d0e4c5",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-41803",
        "datePublished": "2022-09-23T00:00:00.000Z",
        "dateReserved": "2021-09-29T00:00:00.000Z",
        "dateUpdated": "2025-05-27T15:22:09.400Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29153 (GCVE-0-2022-29153)

    Vulnerability from nvd – Published: 2022-04-19 00:00 – Updated: 2024-08-03 06:10
    Summary
    HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server-side request forgery (SSRF) when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:10:59.268Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220602-0005/"
              },
              {
                "name": "GLSA-202208-09",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202208-09"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/"
              },
              {
                "name": "FEDORA-2022-7e327a20be",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-26T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com"
            },
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220602-0005/"
            },
            {
              "name": "GLSA-202208-09",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202208-09"
            },
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/"
            },
            {
              "name": "FEDORA-2022-7e327a20be",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-29153",
        "datePublished": "2022-04-19T00:00:00.000Z",
        "dateReserved": "2022-04-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:10:59.268Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-2808 (GCVE-0-2026-2808)

    Vulnerability from cvelistv5 – Published: 2026-03-11 23:08 – Updated: 2026-04-17 17:57
    Title
    Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider
    Summary
    HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access (Link Following)
    Assigner
    Impacted products
    Vendor Product Version
    HashiCorp Consul Affected: 0 , < 1.22.5 (semver)
    HashiCorp Consul Enterprise Affected: 0 , < 1.22.5 (semver)
    Credits
    This issue was identified by Defang Bo.

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2808",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-12T13:28:18.993425Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-12T13:28:26.972Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "lessThan": "1.22.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul Enterprise",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.21.11",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.18.21",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.22.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was identified by Defang Bo."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eHashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5.\u003c/p\u003e\u003cbr/\u003e"
                }
              ],
              "value": "HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-23",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-23: File Content Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59: Improper Link Resolution Before File Access (Link Following)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-17T17:57:55.646Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2026-02-consul-vulnerable-to-arbitrary-file-reads-through-the-vault-kubernetes-authentication-provider/77232"
            }
          ],
          "source": {
            "advisory": "HCSEC-2026-02",
            "discovery": "EXTERNAL"
          },
          "title": "Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2026-2808",
        "datePublished": "2026-03-11T23:08:32.414Z",
        "dateReserved": "2026-02-19T15:17:24.550Z",
        "dateUpdated": "2026-04-17T17:57:55.646Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11374 (GCVE-0-2025-11374)

    Vulnerability from cvelistv5 – Published: 2025-10-28 20:19 – Updated: 2026-04-17 18:34
    Title
    Consul's KV endpoint is vulnerable to denial of service
    Summary
    Consul and Consul Enterprise’s (“Consul”) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect validation of the Content-Length header. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    HashiCorp Consul Affected: 0 , < 1.22.0 (semver)
    HashiCorp Consul Enterprise Affected: 0 , < 1.22.0 (semver)
    Credits
    This issue was identified by Julien Ahrens from RCE Security (https://www.rcesecurity.com/).

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11374",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-28T20:35:54.518844Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-28T20:36:06.085Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "lessThan": "1.22.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul Enterprise",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.21.6",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.20.8",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.18.12",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.22.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "This issue was identified by Julien Ahrens from RCE Security ([https://www.rcesecurity.com/|https://www.rcesecurity.com/|smart-link] )."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eConsul and Consul Enterprise\u2019s (\u201cConsul\u201d) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.\u003c/p\u003e\u003cbr/\u003e"
                }
              ],
              "value": "Consul and Consul Enterprise\u2019s (\u201cConsul\u201d) key/value endpoint is vulnerable to denial of service (DoS) due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-469",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-469: HTTP DoS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-17T18:34:14.829Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2025-29-consuls-kv-endpoint-is-vulnerable-to-denial-of-service/76724"
            }
          ],
          "source": {
            "advisory": "HCSEC-2025-29",
            "discovery": "EXTERNAL"
          },
          "title": "Consul\u0027s KV endpoint is vulnerable to denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2025-11374",
        "datePublished": "2025-10-28T20:19:05.292Z",
        "dateReserved": "2025-10-06T15:34:09.965Z",
        "dateUpdated": "2026-04-17T18:34:14.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11375 (GCVE-0-2025-11375)

    Vulnerability from cvelistv5 – Published: 2025-10-28 20:12 – Updated: 2025-12-09 01:37
    Title
    Consul's event endpoint is vulnerable to denial of service
    Summary
    Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) because no maximum value is enforced for the Content-Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    HashiCorp Consul Affected: 0 , < 1.22.0 (semver)
    HashiCorp Consul Enterprise Affected: 0 , < 1.22.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11375",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-29T17:34:13.959341Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-29T17:34:25.690Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "lessThan": "1.22.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul Enterprise",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.21.6",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.20.8",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.18.12",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.22.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eConsul and Consul Enterprise\u2019s (\u201cConsul\u201d) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12.\u003c/p\u003e\u003cbr/\u003e"
                }
              ],
              "value": "Consul and Consul Enterprise\u2019s (\u201cConsul\u201d) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-469",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-469: HTTP DoS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-09T01:37:57.188Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2025-28-consuls-event-endpoint-is-vulnerable-to-denial-of-service/76723"
            }
          ],
          "source": {
            "advisory": "HCSEC-2025-28",
            "discovery": "EXTERNAL"
          },
          "title": "Consul\u0027s event endpoint is vulnerable to denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2025-11375",
        "datePublished": "2025-10-28T20:12:14.325Z",
        "dateReserved": "2025-10-06T15:34:11.889Z",
        "dateUpdated": "2025-12-09T01:37:57.188Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-10086 (GCVE-0-2024-10086)

    Vulnerability from cvelistv5 – Published: 2024-10-30 21:21 – Updated: 2025-01-10 13:06
    Title
    Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation
    Summary
    A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation
    Assigner
    Impacted products
    Vendor Product Version
    HashiCorp Consul Affected: 1.4.1 , < 1.20.0 (semver)
    HashiCorp Consul Enterprise Affected: 1.4.1 , < 1.20.0 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10086",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-31T13:49:16.403136Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T13:49:28.120Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-01-10T13:06:42.658Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250110-0006/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "lessThan": "1.20.0",
                  "status": "affected",
                  "version": "1.4.1",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul Enterprise",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.19.3",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.18.5",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.15.15",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.20.0",
                  "status": "affected",
                  "version": "1.4.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.\u003c/p\u003e\u003cbr/\u003e"
                }
              ],
              "value": "A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63: Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-30T21:21:46.559Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2024-24-consul-vulnerable-to-reflected-xss-on-content-type-error-manipulation"
            }
          ],
          "source": {
            "advisory": "HCSEC-2024-24",
            "discovery": "EXTERNAL"
          },
          "title": "Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2024-10086",
        "datePublished": "2024-10-30T21:21:46.559Z",
        "dateReserved": "2024-10-17T15:23:28.133Z",
        "dateUpdated": "2025-01-10T13:06:42.658Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10006 (GCVE-0-2024-10006)

    Vulnerability from cvelistv5 – Published: 2024-10-30 21:20 – Updated: 2025-01-10 13:06
    Title
    Consul L7 Intentions Vulnerable To Headers Bypass
    Summary
    A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header-based access rules.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-644 - Improper Neutralization of HTTP Headers
    Assigner
    Impacted products
    Vendor Product Version
    HashiCorp Consul Affected: 1.9.0 , < 1.20.1 (semver)
    HashiCorp Consul Enterprise Affected: 1.9.0 , < 1.20.1 (semver)
    hashicorp consul Affected: 1.9.0 , < 1.20.1 (semver)
    Unaffected: 1.19.3
    Unaffected: 1.18.5
    Unaffected: 1.15.15
        cpe:2.3:a:hashicorp:consul:-:*:*:*:enterprise:*:*:*
    hashicorp consul Affected: 1.9.0 , < 1.20.1 (semver)
        cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hashicorp:consul:-:*:*:*:enterprise:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "consul",
                "vendor": "hashicorp",
                "versions": [
                  {
                    "lessThan": "1.20.1",
                    "status": "affected",
                    "version": "1.9.0",
                    "versionType": "semver"
                  },
                  {
                    "status": "unaffected",
                    "version": "1.19.3"
                  },
                  {
                    "status": "unaffected",
                    "version": "1.18.5"
                  },
                  {
                    "status": "unaffected",
                    "version": "1.15.15"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "consul",
                "vendor": "hashicorp",
                "versions": [
                  {
                    "lessThan": "1.20.1",
                    "status": "affected",
                    "version": "1.9.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10006",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-31T13:49:58.696502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T13:59:13.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-01-10T13:06:41.296Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250110-0005/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "lessThan": "1.20.1",
                  "status": "affected",
                  "version": "1.9.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul Enterprise",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.19.3",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.18.5",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.15.15",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.20.1",
                  "status": "affected",
                  "version": "1.9.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability was identified in Consul and Consul Enterprise (\u201cConsul\u201d) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.\u003c/p\u003e\u003cbr/\u003e"
                }
              ],
              "value": "A vulnerability was identified in Consul and Consul Enterprise (\u201cConsul\u201d) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-220",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-220: Client-Server Protocol Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-644",
                  "description": "CWE-644: Improper Neutralization of HTTP Headers",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-30T21:20:37.011Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2024-23-consul-l7-intentions-vulnerable-to-headers-bypass"
            }
          ],
          "source": {
            "advisory": "HCSEC-2024-23",
            "discovery": "EXTERNAL"
          },
          "title": "Consul L7 Intentions Vulnerable To Headers Bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2024-10006",
        "datePublished": "2024-10-30T21:20:37.011Z",
        "dateReserved": "2024-10-15T17:46:48.500Z",
        "dateUpdated": "2025-01-10T13:06:41.296Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-10005 (GCVE-0-2024-10005)

    Vulnerability from cvelistv5 – Published: 2024-10-30 21:19 – Updated: 2025-01-10 13:06
    Title
    Consul L7 Intentions Vulnerable To URL Path Bypass
    Summary
    A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
    Assigner
    Impacted products
    Vendor Product Version
    HashiCorp Consul Affected: 1.9.0 , < 1.20.1 (semver)
    HashiCorp Consul Enterprise Affected: 1.9.0 , < 1.20.1 (semver)
    hashicorp consul Affected: 1.9.0 , < 1.20.1 (semver)
    Unaffected: 1.19.3
    Unaffected: 1.18.5
    Unaffected: 1.15.15
        cpe:2.3:a:hashicorp:consul:-:*:*:*:enterprise:*:*:*
    hashicorp consul Affected: 1.9.0 , < 1.20.1 (semver)
        cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hashicorp:consul:-:*:*:*:enterprise:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "consul",
                "vendor": "hashicorp",
                "versions": [
                  {
                    "lessThan": "1.20.1",
                    "status": "affected",
                    "version": "1.9.0",
                    "versionType": "semver"
                  },
                  {
                    "status": "unaffected",
                    "version": "1.19.3"
                  },
                  {
                    "status": "unaffected",
                    "version": "1.18.5"
                  },
                  {
                    "status": "unaffected",
                    "version": "1.15.15"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "consul",
                "vendor": "hashicorp",
                "versions": [
                  {
                    "lessThan": "1.20.1",
                    "status": "affected",
                    "version": "1.9.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-31T13:59:37.966921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T14:01:55.370Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-01-10T13:06:39.935Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://security.netapp.com/advisory/ntap-20250110-0004/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "lessThan": "1.20.1",
                  "status": "affected",
                  "version": "1.9.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul Enterprise",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.19.3",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.18.5",
                      "status": "unaffected"
                    },
                    {
                      "at": "1.15.15",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "1.20.1",
                  "status": "affected",
                  "version": "1.9.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability was identified in Consul and Consul Enterprise (\u201cConsul\u201d) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.\u003c/p\u003e\u003cbr/\u003e"
                }
              ],
              "value": "A vulnerability was identified in Consul and Consul Enterprise (\u201cConsul\u201d) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126: Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-30T21:19:22.576Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2024-22-consul-l7-intentions-vulnerable-to-url-path-bypass"
            }
          ],
          "source": {
            "advisory": "HCSEC-2024-22",
            "discovery": "EXTERNAL"
          },
          "title": "Consul L7 Intentions Vulnerable To URL Path Bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2024-10005",
        "datePublished": "2024-10-30T21:19:22.576Z",
        "dateReserved": "2024-10-15T17:46:30.633Z",
        "dateUpdated": "2025-01-10T13:06:39.935Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5332 (GCVE-0-2023-5332)

    Vulnerability from cvelistv5 – Published: 2023-12-04 06:30 – Updated: 2024-10-03 06:23
    Title
    Dependency on Vulnerable Third-Party Component in GitLab
    Summary
    The patch in the third-party library Consul requires 'enable-script-checks' to be set to False; this setting was required for the vendor's patch to take effect. Without this setting, the patch could be bypassed. This only affects GitLab-EE.
    CWE
    • CWE-1395 - Dependency on Vulnerable Third-Party Component
    Assigner
    Impacted products
    Vendor Product Version
    GitLab GitLab Affected: 9.5.0 , < 16.2.8 (semver)
    Affected: 16.3.0 , < 16.3.5 (semver)
    Affected: 16.4 , < 16.4.1 (semver)
        cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
    Credits
    This issue was reported internally.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:52:08.548Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "GitLab Issue #8171",
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8171"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "GitLab",
              "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
              "vendor": "GitLab",
              "versions": [
                {
                  "lessThan": "16.2.8",
                  "status": "affected",
                  "version": "9.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "16.3.5",
                  "status": "affected",
                  "version": "16.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "16.4.1",
                  "status": "affected",
                  "version": "16.4",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "This issue was reported internally."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Patch in third party library Consul requires \u0027enable-script-checks\u0027 to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1395",
                  "description": "CWE-1395: Dependency on Vulnerable Third-Party Component",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-03T06:23:16.051Z",
            "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
            "shortName": "GitLab"
          },
          "references": [
            {
              "name": "GitLab Issue #8171",
              "tags": [
                "issue-tracking"
              ],
              "url": "https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8171"
            },
            {
              "url": "https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to versions 16.2.8, 16.3.5, 16.4.1 or above."
            }
          ],
          "title": "Dependency on Vulnerable Third-Party Component in GitLab"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "assignerShortName": "GitLab",
        "cveId": "CVE-2023-5332",
        "datePublished": "2023-12-04T06:30:33.856Z",
        "dateReserved": "2023-10-02T12:01:25.316Z",
        "dateUpdated": "2024-10-03T06:23:16.051Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3518 (GCVE-0-2023-3518)

    Vulnerability from cvelistv5 – Published: 2023-08-09 15:06 – Updated: 2024-10-08 14:56
    Title
    JWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for Access
    Summary
    HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:55:03.386Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2023-25-consul-jwt-auth-in-l7-intentions-allow-for-mismatched-service-identity-and-jwt-providers/57004"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3518",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T14:42:29.313810Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T14:56:28.934Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.16.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul Enterprise",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.16.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eHashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.\u003c/p\u003e\u003cbr/\u003e"
                }
              ],
              "value": "HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "CWE-266: Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-26T21:02:13.649Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2023-25-consul-jwt-auth-in-l7-intentions-allow-for-mismatched-service-identity-and-jwt-providers/57004"
            }
          ],
          "source": {
            "advisory": "HCSEC-2023-25",
            "discovery": "INTERNAL"
          },
          "title": "JWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for Access"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2023-3518",
        "datePublished": "2023-08-09T15:06:52.406Z",
        "dateReserved": "2023-07-05T21:02:24.890Z",
        "dateUpdated": "2024-10-08T14:56:28.934Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1297 (GCVE-0-2023-1297)

    Vulnerability from cvelistv5 – Published: 2023-06-02 22:48 – Updated: 2025-01-08 17:51
    Title
    Consul Cluster Peering can Result in Denial of Service
    Summary
    Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with a service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5 and 1.15.3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-826 - Premature Release of Resource During Expected Lifetime
    Assigner
    Impacted products
    Vendor Product Version
    HashiCorp Consul Affected: 1.14.0 , ≤ 1.14.5 (semver)
    Affected: 1.15.0 , ≤ 1.15.3 (semver)
    HashiCorp Consul Enterprise Affected: 1.14.0 , ≤ 1.14.5 (semver)
    Affected: 1.15.0 , ≤ 1.15.3 (semver)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:41:00.070Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1297",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-08T17:50:24.766676Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-08T17:51:02.037Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "lessThanOrEqual": "1.14.5",
                  "status": "affected",
                  "version": "1.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.15.3",
                  "status": "affected",
                  "version": "1.15.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul Enterprise",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "lessThanOrEqual": "1.14.5",
                  "status": "affected",
                  "version": "1.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "1.15.3",
                  "status": "affected",
                  "version": "1.15.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To exploit this vulnerability, an attacker requires access to an ACL token with service:write permissions in a cluster that uses cluster peering."
                }
              ],
              "value": "Consul and Consul Enterprise\u0027s cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-176",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-176: Configuration/Environment Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-826",
                  "description": "CWE-826: Premature Release of Resource During Expected Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-02T22:48:28.938Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": " Consul Cluster Peering can Result in Denial of Service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2023-1297",
        "datePublished": "2023-06-02T22:48:28.938Z",
        "dateReserved": "2023-03-09T18:51:51.406Z",
        "dateUpdated": "2025-01-08T17:51:02.037Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2816 (GCVE-0-2023-2816)

    Vulnerability from cvelistv5 – Published: 2023-06-02 22:43 – Updated: 2024-10-07 20:12
    Title
    Consul Envoy Extension Downstream Proxy Configuration By Upstream Service Owner
    Summary
    Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    Impacted products
    Vendor Product Version
    HashiCorp Consul Affected: 1.15.0
    Affected: 1.15.1
    Affected: 1.15.2
    HashiCorp Consul Enterprise Affected: 1.15.0
    Affected: 1.15.1
    Affected: 1.15.2
    hashicorp consul Affected: 1.15.0 , ≤ 1.15.2 (custom)
        cpe:2.3:a:hashicorp:consul:1.15.0:*:*:*:-:*:*:*
    hashicorp consul Affected: 1.15.0 , ≤ 1.15.2 (custom)
        cpe:2.3:a:hashicorp:consul:1.15.0:*:*:*:enterprise:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hashicorp:consul:1.15.0:*:*:*:-:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "consul",
                "vendor": "hashicorp",
                "versions": [
                  {
                    "lessThanOrEqual": "1.15.2",
                    "status": "affected",
                    "version": "1.15.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:hashicorp:consul:1.15.0:*:*:*:enterprise:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "consul",
                "vendor": "hashicorp",
                "versions": [
                  {
                    "lessThanOrEqual": "1.15.2",
                    "status": "affected",
                    "version": "1.15.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2816",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-07T20:11:32.907747Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-07T20:12:01.627Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:33:05.672Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2023-16-consul-envoy-extension-downstream-proxy-configuration-by-upstream-service-owner/54525"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.15.0"
                },
                {
                  "status": "affected",
                  "version": "1.15.1"
                },
                {
                  "status": "affected",
                  "version": "1.15.2"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul Enterprise",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.15.0"
                },
                {
                  "status": "affected",
                  "version": "1.15.1"
                },
                {
                  "status": "affected",
                  "version": "1.15.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eConsul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.\u003c/p\u003e\u003cbr/\u003e"
                }
              ],
              "value": "Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-113",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-113: Interface Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "CWE-266: Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-26T18:59:27.367Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2023-16-consul-envoy-extension-downstream-proxy-configuration-by-upstream-service-owner/54525"
            }
          ],
          "source": {
            "advisory": "HCSEC-2023-16",
            "discovery": "INTERNAL"
          },
          "title": "Consul Envoy Extension Downsteam Proxy Configuration By Upstream Service Owner"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2023-2816",
        "datePublished": "2023-06-02T22:43:34.553Z",
        "dateReserved": "2023-05-19T18:11:06.618Z",
        "dateUpdated": "2024-10-07T20:12:01.627Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0845 (GCVE-0-2023-0845)

    Vulnerability from cvelistv5 – Published: 2023-03-09 15:14 – Updated: 2025-02-28 16:24
    Title
    Consul Server Panic when Ingress and API Gateways Configured with Peering
    Summary
    Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - Null Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    HashiCorp Consul Affected: 1.14.0
    Affected: 1.14.1
    Affected: 1.14.2
    Affected: 1.14.3
    Affected: 1.14.4
    HashiCorp Consul Enterprise Affected: 1.14.0
    Affected: 1.14.1
    Affected: 1.14.2
    Affected: 1.14.3
    Affected: 1.14.4

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:24:34.464Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2023-06-consul-server-panic-when-ingress-and-api-gateways-configured-with-peering-connections/51197"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0845",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T16:24:00.841526Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T16:24:23.430Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.14.0"
                },
                {
                  "status": "affected",
                  "version": "1.14.1"
                },
                {
                  "status": "affected",
                  "version": "1.14.2"
                },
                {
                  "status": "affected",
                  "version": "1.14.3"
                },
                {
                  "status": "affected",
                  "version": "1.14.4"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul Enterprise",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.14.0"
                },
                {
                  "status": "affected",
                  "version": "1.14.1"
                },
                {
                  "status": "affected",
                  "version": "1.14.2"
                },
                {
                  "status": "affected",
                  "version": "1.14.3"
                },
                {
                  "status": "affected",
                  "version": "1.14.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "To exploit this vulnerability, an attacker requires access to an ACL token with service:write permissions, and there needs to be at least one running ingress or API gateway that is configured to route traffic to an upstream service."
                }
              ],
              "value": "Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash when ingress or API gateways are configured with peering connections. This vulnerability was fixed in Consul 1.14.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-113",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-113: Interface Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: Null Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-15T20:06:19.253Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2023-06-consul-server-panic-when-ingress-and-api-gateways-configured-with-peering-connections/51197"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Consul Server Panic when Ingress and API Gateways Configured with Peering"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2023-0845",
        "datePublished": "2023-03-09T15:14:26.581Z",
        "dateReserved": "2023-02-15T15:53:44.942Z",
        "dateUpdated": "2025-02-28T16:24:23.430Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3920 (GCVE-0-2022-3920)

    Vulnerability from cvelistv5 – Published: 2022-11-15 23:25 – Updated: 2025-04-29 20:02
    Title
    Consul Peering Imported Nodes/Services Leak
    Summary
    HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster peering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    HashiCorp Consul Affected: 1.13.0
    Affected: 1.13.1
    Affected: 1.13.2
    Affected: 1.13.3
    HashiCorp Consul Enterprise Affected: 1.13.0
    Affected: 1.13.1
    Affected: 1.13.2
    Affected: 1.13.3

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:20:58.854Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3920",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-29T20:01:41.541343Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-29T20:02:00.547Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul",
              "repo": "https://github.com/hashicorp/consul",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.13.0"
                },
                {
                  "status": "affected",
                  "version": "1.13.1"
                },
                {
                  "status": "affected",
                  "version": "1.13.2"
                },
                {
                  "status": "affected",
                  "version": "1.13.3"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "64 bit",
                "32 bit",
                "x86",
                "ARM",
                "MacOS",
                "Windows",
                "Linux"
              ],
              "product": "Consul Enterprise",
              "vendor": "HashiCorp",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.13.0"
                },
                {
                  "status": "affected",
                  "version": "1.13.1"
                },
                {
                  "status": "affected",
                  "version": "1.13.2"
                },
                {
                  "status": "affected",
                  "version": "1.13.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster peering\u0027s imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0."
                }
              ],
              "value": "HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster peering\u0027s imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-15T23:25:30.161Z",
            "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
            "shortName": "HashiCorp"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Consul Peering Imported Nodes/Services Leak"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "assignerShortName": "HashiCorp",
        "cveId": "CVE-2022-3920",
        "datePublished": "2022-11-15T23:25:30.161Z",
        "dateReserved": "2022-11-09T23:10:38.071Z",
        "dateUpdated": "2025-04-29T20:02:00.547Z",
        "requesterUserId": "5311d85b-fc2e-473d-9ddd-71031e52448b",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-40716 (GCVE-0-2022-40716)

    Vulnerability from cvelistv5 – Published: 2022-09-23 00:00 – Updated: 2025-05-27 14:54
    Summary
    HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, allowing an attacker who already holds privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-252 - Unchecked Return Value
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:21:46.762Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628"
              },
              {
                "name": "FEDORA-2023-9f5f1ef40a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/"
              },
              {
                "name": "FEDORA-2023-cf3551046d",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/"
              },
              {
                "name": "FEDORA-2023-b9c1d0e4c5",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-40716",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-27T14:54:18.423794Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-252",
                    "description": "CWE-252 Unchecked Return Value",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-27T14:54:21.059Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, allowing an attacker who already holds privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-15T20:06:30.853Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com"
            },
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628"
            },
            {
              "name": "FEDORA-2023-9f5f1ef40a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/"
            },
            {
              "name": "FEDORA-2023-cf3551046d",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/"
            },
            {
              "name": "FEDORA-2023-b9c1d0e4c5",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-40716",
        "datePublished": "2022-09-23T00:00:00.000Z",
        "dateReserved": "2022-09-14T00:00:00.000Z",
        "dateUpdated": "2025-05-27T14:54:21.059Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-41803 (GCVE-0-2021-41803)

    Vulnerability from cvelistv5 – Published: 2022-09-23 00:00 – Updated: 2025-05-27 15:22
    Summary
    HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-862 - Missing Authorization
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:22:24.351Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.hashicorp.com/blog/category/consul"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627"
              },
              {
                "name": "FEDORA-2023-9f5f1ef40a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/"
              },
              {
                "name": "FEDORA-2023-cf3551046d",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/"
              },
              {
                "name": "FEDORA-2023-b9c1d0e4c5",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-41803",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-27T15:21:40.244278Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-862",
                    "description": "CWE-862 Missing Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-27T15:22:09.400Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-15T20:06:23.780Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.hashicorp.com/blog/category/consul"
            },
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627"
            },
            {
              "name": "FEDORA-2023-9f5f1ef40a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/"
            },
            {
              "name": "FEDORA-2023-cf3551046d",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/"
            },
            {
              "name": "FEDORA-2023-b9c1d0e4c5",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-41803",
        "datePublished": "2022-09-23T00:00:00.000Z",
        "dateReserved": "2021-09-29T00:00:00.000Z",
        "dateUpdated": "2025-05-27T15:22:09.400Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-29153 (GCVE-0-2022-29153)

    Vulnerability from cvelistv5 – Published: 2022-04-19 00:00 – Updated: 2024-08-03 06:10
    Summary
    HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:10:59.268Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20220602-0005/"
              },
              {
                "name": "GLSA-202208-09",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202208-09"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/"
              },
              {
                "name": "FEDORA-2022-7e327a20be",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-26T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://discuss.hashicorp.com"
            },
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20220602-0005/"
            },
            {
              "name": "GLSA-202208-09",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202208-09"
            },
            {
              "url": "https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/"
            },
            {
              "name": "FEDORA-2022-7e327a20be",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-29153",
        "datePublished": "2022-04-19T00:00:00.000Z",
        "dateReserved": "2022-04-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T06:10:59.268Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }