AVG-2360 log
Package | consul |
Status | Fixed |
Severity | High |
Type | multiple issues |
Affected | 1.10.1-1 |
Fixed | 1.10.2-1 |
Current | 1.20.1-1 [extra] |
Ticket | None |
Created | Thu Sep 9 12:37:39 2021 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2021-38698 | Medium | Yes | Information disclosure | In HashiCorp Consul before version 1.10.2, the Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. |
CVE-2021-37219 | High | Yes | Privilege escalation | In HashiCorp Consul before version 1.10.2, the Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only... |