HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-07-17T17:28:11

Updated: 2024-08-03T23:25:30.307Z

Reserved: 2021-05-11T00:00:00

Link: CVE-2021-32574

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2021-07-17T18:15:07.723

Modified: 2022-10-25T20:41:30.533

Link: CVE-2021-32574

cve-icon Redhat

No data.