A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.
Metrics
Affected Vendors & Products
References
History
Tue, 12 Nov 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
threat_severity
|
threat_severity
|
Fri, 08 Nov 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:* cpe:2.3:a:hashicorp:consul:1.20.0:*:*:*:enterprise:*:*:* |
Fri, 01 Nov 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Thu, 31 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Hashicorp
Hashicorp consul |
|
CPEs | cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:* cpe:2.3:a:hashicorp:consul:-:*:*:*:enterprise:*:*:* |
|
Vendors & Products |
Hashicorp
Hashicorp consul |
|
Metrics |
ssvc
|
Wed, 30 Oct 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules. | |
Title | Consul L7 Intentions Vulnerable To URL Path Bypass | |
Weaknesses | CWE-22 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: HashiCorp
Published: 2024-10-30T21:19:22.576Z
Updated: 2024-10-31T14:01:55.370Z
Reserved: 2024-10-15T17:46:30.633Z
Link: CVE-2024-10005
Vulnrichment
Updated: 2024-10-31T14:01:50.337Z
NVD
Status : Analyzed
Published: 2024-10-30T22:15:02.820
Modified: 2024-11-08T18:10:09.663
Link: CVE-2024-10005
Redhat