Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-28156

Опубликовано: 16 апр. 2021
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10.

A flaw was found in the hashicorp consul, where the audit log could be bypassed. The highest threat from this vulnerability is to integrity.

Отчет

This vulnerability only affects the enterprise version of consul, which includes audit-logging [1]. Hence OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM), and OpenShift Virtualization are not affected. [1] - https://www.consul.io/docs/enterprise/audit-logging

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Service Mesh 2.0servicemeshNot affected
OpenShift Service Mesh 2.0servicemesh-prometheusNot affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/metrics-collector-rhel9Not affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/multicluster-observability-rhel8-operatorNot affected
Red Hat Fuse 7consul-clientNot affected
Red Hat OpenShift Container Platform 4openshift4/cnf-tests-rhel8Not affected
Red Hat OpenShift Container Platform 4openshift4/compliance-rhel8-operatorNot affected
Red Hat OpenShift Container Platform 4openshift4/file-integrity-rhel8-operatorNot affected
Red Hat OpenShift Container Platform 4openshift4/ose-baremetal-machine-controllersNot affected
Red Hat OpenShift Container Platform 4openshift4/ose-cluster-etcd-rhel8-operatorNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-639
https://bugzilla.redhat.com/show_bug.cgi?id=1950492consul: Audit log requests bypass

EPSS

Процентиль: 79%
0.01279
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-28156

CVSS3: 7.5
ubuntu
почти 5 лет назад

HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10.

nvd логотип

CVE-2021-28156

CVSS3: 7.5
nvd
почти 5 лет назад

HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10.

debian логотип

CVE-2021-28156

CVSS3: 7.5
debian
почти 5 лет назад

HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be ...

github логотип

GHSA-jw67-86pq-v324

CVSS3: 7.5
github
больше 3 лет назад

HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10.

EPSS

Процентиль: 79%
0.01279
Низкий

7.5 High

CVSS3