AVG-2360 log

Package	consul
Status	Fixed
Severity	High
Type	multiple issues
Affected	1.10.1-1
Fixed	1.10.2-1
Current	1.22.0-1 [extra]
Ticket	None
Created	Thu Sep 9 12:37:39 2021

Issue	Severity	Remote	Type	Description
CVE-2021-38698	Medium	Yes	Information disclosure	In HashiCorp Consul before version 1.10.2, the Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.
CVE-2021-37219	High	Yes	Privilege escalation	In HashiCorp Consul before version 1.10.2, the Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only...

Issue

Severity

Remote

Type

Description

CVE-2021-38698

Medium

Yes

Information disclosure

In HashiCorp Consul before version 1.10.2, the Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.

CVE-2021-37219

High

Yes

Privilege escalation

In HashiCorp Consul before version 1.10.2, the Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only...