Description
HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.
A flaw in the Consul Raft RPC layer allows privilege escalation: non-server agents with a valid certificate signed by the same CA can access server-only functionality.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Service Mesh 1 | consul | Not affected | | |
| OpenShift Service Mesh 2.0 | consul | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | consul | Not affected | | |
Additional information
Status:
8.8 High
CVSS3
Related vulnerabilities
HashiCorp Consul Privilege Escalation Vulnerability
8.8 High
CVSS3