In Consul Community Edition versions from 1.9.0 to 1.20.0 and Consul Enterprise versions 1.9.0 up to 1.20.0, 1.19.2, 1.18.4, and 1.15.14 a medium severity vulnerability CVE-2024-10005 was detected. This vulnerability allows attackers to bypass HTTP request path-based access controls in Layer 7 (L7) traffic intentions due to inadequate path normalization, potentially enabling unauthorized access to restricted HTTP paths. To fix this issue, users should upgrade Consul Community Edition to version 1.20.1 and Consul Enterprise to version 1.20.1, 1.19.3, 1.18.5, and 1.15.15. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-10005.
Read more Networking
In Consul versions 1.9.0 and earlier than 1.20.1 a high severity vulnerability CVE-2024-10005 was detected. This vulnerability allows attackers to bypass HTTP request path-based access rules by using URL paths in L7 traffic intentions. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-10005.
Read more Networking
In Consul versions 1.4.1 through 1.19.x a medium severity vulnerability CVE-2024-10086 was found. This issue could let attackers misuse user input, potentially causing a reflected XSS attack because the server response doesn’t include a Content-Type HTTP header. Currently, there is no fix for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-10086.
Read more Networking
In Consul versions 1.9.0 through 1.20.0 a high severity vulnerability CVE-2024-10006 was detected. This vulnerability allows attackers to bypass HTTP header-based access rules by exploiting Headers in L7 traffic intentions. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-10006.
Read more Networking