Описание
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| impish | ignored | end of life |
| jammy | needs-triage | |
| kinetic | ignored | end of life, was needs-triage |
| lunar | DNE |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11. ...
Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector
Уязвимость инструмента настройки сервисов Consul и Consul Enterprise, связанная с недостаточной проверкой запросов на стороне сервера, позволяющая нарушителю осуществить атаку SSRF
EPSS
5 Medium
CVSS2
7.5 High
CVSS3