Описание
Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that HTTP health check endpoints returning an HTTP redirect may be abused as a vector for server-side request forgery (SSRF). This vulnerability, CVE-2022-29153, was fixed in Consul 1.9.17, 1.10.10, and 1.11.5.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-29153
- https://discuss.hashicorp.com
- https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery
- https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH
- https://security.gentoo.org/glsa/202208-09
- https://security.netapp.com/advisory/ntap-20220602-0005
Пакеты
github.com/hashicorp/consul
< 1.9.17
1.9.17
github.com/hashicorp/consul
>= 1.10.0, < 1.10.10
1.10.10
github.com/hashicorp/consul
>= 1.11.0, < 1.11.5
1.11.5
Связанные уязвимости
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11. ...
Уязвимость инструмента настройки сервисов Consul и Consul Enterprise, связанная с недостаточной проверкой запросов на стороне сервера, позволяющая нарушителю осуществить атаку SSRF