Описание
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
Ссылки
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 0.5.1 (включая) до 1.4.0 (включая)
cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:*
EPSS
Процентиль: 62%
0.00427
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-310
Связанные уязвимости
CVSS3: 5.9
ubuntu
около 7 лет назад
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
CVSS3: 5.9
debian
около 7 лет назад
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent ...
CVSS3: 5.9
github
больше 3 лет назад
HashiCorp Consul can use cleartext agent-to-agent RPC communication
EPSS
Процентиль: 62%
0.00427
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-310