Vulnerability CVE-2021-41803


Published: 2022-09-23

Description:
HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."

 References:
https://www.hashicorp.com/blog/category/consul
https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627

Copyright 2022, cxsecurity.com

 

Back to Top