GHSA-5c4w-8hhh-3c3h

Опубликовано: 31 окт. 2024

Источник: github

Github: Прошло ревью

CVSS4: 6.9

CVSS3: 8.3

Описание

Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability

A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.

Ссылки

Пакеты

Наименование

github.com/hashicorp/consul

Затронутые версииВерсия исправления

>= 1.9.0, < 1.20.1

1.20.1

EPSS

Процентиль: 10%

0.00035

Низкий

6.9 Medium

CVSS4

8.3 High

CVSS3

CVE ID

CVE-2024-10006

Дефекты

CWE-116

CWE-644

Связанные уязвимости

CVE-2024-10006

CVSS3: 8.3

ubuntu

больше 1 года назад

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.

CVE-2024-10006

CVSS3: 8.3

redhat

больше 1 года назад

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.

CVE-2024-10006

CVSS3: 8.3

nvd

больше 1 года назад

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.

CVE-2024-10006

CVSS3: 8.3

debian

больше 1 года назад

A vulnerability was identified in Consul and Consul Enterprise (\u201c ...

BDU:2024-09879

CVSS3: 5.8

fstec

больше 1 года назад

Уязвимость инструмента настройки сервисов Consul Community Edition и Consul Enterprise, связанная с непринятием мер по нейтрализации заголовков HTTP для синтаксиса сценариев, позволяющая нарушителю получить достпу к конфиденциальной информации

EPSS

Процентиль: 10%

0.00035

Низкий

6.9 Medium

CVSS4

8.3 High

CVSS3

CVE ID

CVE-2024-10006

Дефекты

CWE-116

CWE-644