A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.
Metrics
Affected Vendors & Products
References
History
Fri, 08 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Hashicorp
Hashicorp consul |
|
CPEs | cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:* cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:* |
|
Vendors & Products |
Hashicorp
Hashicorp consul |
Thu, 31 Oct 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Thu, 31 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 30 Oct 2024 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS. | |
Title | Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: HashiCorp
Published: 2024-10-30T21:21:46.559Z
Updated: 2024-10-31T13:49:28.120Z
Reserved: 2024-10-17T15:23:28.133Z
Link: CVE-2024-10086
Vulnrichment
Updated: 2024-10-31T13:49:24.638Z
NVD
Status : Analyzed
Published: 2024-10-30T22:15:03.283
Modified: 2024-11-08T15:49:52.087
Link: CVE-2024-10086
Redhat