CVE-2021-41803

Description

HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."

Related CPE's

ahashicorpconsul1.12.4***enterprise***

ahashicorpconsul1.13.1***enterprise***

ahashicorpconsul1.12.4***-***

ahashicorpconsul1.13.1***-***

ahashicorpconsul****enterprise***

ahashicorpconsul****-***

References

https://www.hashicorp.com/blog/category/consul

Vendor Advisory

https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627

Vendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io