AVG-2360 log

Package consul
Status Fixed
Severity High
Type multiple issues
Affected 1.10.1-1
Fixed 1.10.2-1
Current 1.20.1-1 [extra]
Ticket None
Created Thu Sep 9 12:37:39 2021
Issue Severity Remote Type Description
CVE-2021-38698 Medium Yes Information disclosure
In HashiCorp Consul before version 1.10.2, the Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.
CVE-2021-37219 High Yes Privilege escalation
In HashiCorp Consul before version 1.10.2, the Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only...