Описание
HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actually set to true. This is fixed in 1.4.4.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:hashicorp:consul:1.4.3:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.00183
Низкий
7.4 High
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-346
Связанные уязвимости
CVSS3: 7.4
ubuntu
почти 7 лет назад
HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actually set to true. This is fixed in 1.4.4.
CVSS3: 7.4
debian
почти 7 лет назад
HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to ...
CVSS3: 7.4
github
больше 3 лет назад
HashiCorp Consul vulnerable to Origin Validation Error
EPSS
Процентиль: 40%
0.00183
Низкий
7.4 High
CVSS3
5.8 Medium
CVSS2
Дефекты
CWE-346