A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.
History

Fri, 08 Nov 2024 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-116
CPEs cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:consul:1.20.0:*:*:*:enterprise:*:*:*

Fri, 01 Nov 2024 02:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity: None (removed); threat_severity: Important (added)


Thu, 31 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Hashicorp
Hashicorp consul
CPEs cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*
cpe:2.3:a:hashicorp:consul:-:*:*:*:enterprise:*:*:*
Vendors & Products Hashicorp
Hashicorp consul
Metrics ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 30 Oct 2024 21:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.
Title Consul L7 Intentions Vulnerable To Headers Bypass
Weaknesses CWE-644
References
Metrics cvssV3_1: {'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: HashiCorp

Published: 2024-10-30T21:20:37.011Z

Updated: 2024-10-31T13:59:13.505Z

Reserved: 2024-10-15T17:46:48.500Z

Link: CVE-2024-10006

Vulnrichment

Updated: 2024-10-31T13:58:50.297Z

NVD

Status: Analyzed

Published: 2024-10-30T22:15:03.063

Modified: 2024-11-08T18:10:31.970

Link: CVE-2024-10006

Redhat

Severity: Important

Public Date: 2024-10-30T21:20:37Z

Links: CVE-2024-10006 - Bugzilla