CVE-2024-10005

Опубликовано: 30 окт. 2024

Источник: debian

EPSS Низкий

Описание

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
consul	removed			package
consul	end-of-life		bullseye	package

Примечания

https://github.com/advisories/GHSA-chgm-7r52-whjj

EPSS

Процентиль: 9%

0.00035

Низкий

Связанные уязвимости

CVE-2024-10005

CVSS3: 8.1

ubuntu

8 месяцев назад

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.

CVE-2024-10005

CVSS3: 8.1

redhat

8 месяцев назад

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.

CVE-2024-10005

CVSS3: 8.1

nvd

8 месяцев назад

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.

GHSA-chgm-7r52-whjj

CVSS3: 8.1

github

8 месяцев назад

Hashicorp Consul Path Traversal vulnerability

BDU:2024-10201

CVSS3: 8.1

fstec

8 месяцев назад

Уязвимость инструмента настройки сервиса Consul, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю обойти ограничения безопасности

EPSS

Процентиль: 9%

0.00035

Низкий