AVG-2171 log

Package consul
Status Fixed
Severity Medium
Type multiple issues
Affected 1.9.7-1
Fixed 1.9.8-1
Current 1.10.1-1 [community-testing]
1.9.8-1 [community]
Ticket None
Created Sat Jul 17 22:46:09 2021
Issue Severity Remote Type Description
CVE-2021-36213 Medium Yes Access restriction bypass
In HashiCorp Consul before version 1.9.8, xds can generate a situation where a single L7 deny intention (with a default deny policy) results in an allow action.
CVE-2021-32574 Low Yes Certificate verification bypass
HashiCorp Consul before version 1.9.8 does not validate SSL certificates correctly: xds does not ensure that the Subject Alternative Name of an upstream is...
Date Advisory Package Type
27 Jul 2021 ASA-202107-69 consul multiple issues