CVE-2024-10006

Опубликовано: 30 окт. 2024

Источник: debian

Описание

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
consul	removed			package
consul	end-of-life		bullseye	package

Примечания

https://github.com/advisories/GHSA-5c4w-8hhh-3c3h

Связанные уязвимости

CVE-2024-10006

CVSS3: 8.3

ubuntu

больше 1 года назад

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.

CVE-2024-10006

CVSS3: 8.3

redhat

больше 1 года назад

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.

CVE-2024-10006

CVSS3: 8.3

nvd

больше 1 года назад

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.

GHSA-5c4w-8hhh-3c3h

CVSS3: 8.3

github

больше 1 года назад

Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability

BDU:2024-09879

CVSS3: 5.8

fstec

больше 1 года назад

Уязвимость инструмента настройки сервисов Consul Community Edition и Consul Enterprise, связанная с непринятием мер по нейтрализации заголовков HTTP для синтаксиса сценариев, позволяющая нарушителю получить достпу к конфиденциальной информации