---

CVE-2021-28156 - log back

CVE-2021-28156 edited at 20 Apr 2021 14:54:39
Description	- A vulnerability was identified in Consul Enterprise before version 1.9.5 where a crafted endpoint URL could be used to bypass the audit log. + A vulnerability was identified in Consul Enterprise version 1.8.0 up to version 1.9.4 where a crafted endpoint URL could be used to bypass the audit log. The issue is fixed in versions 1.9.5 and 1.8.10.
References	+ https://discuss.hashicorp.com/t/hcsec-2021-08-consul-enterprise-audit-log-bypass-for-http-events/23369 - https://github.com/hashicorp/consul/pull/10030 - https://github.com/hashicorp/consul/commit/2e84559d4b0e92d2b960a870c5580b2ecd799db4

CVE-2021-28156 edited at 16 Apr 2021 11:14:33
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Access restriction bypass
Description	+ A vulnerability was identified in Consul Enterprise before version 1.9.5 where a crafted endpoint URL could be used to bypass the audit log.
References	+ https://github.com/hashicorp/consul/pull/10030 + https://github.com/hashicorp/consul/commit/2e84559d4b0e92d2b960a870c5580b2ecd799db4
Notes

CVE-2021-28156 created at 16 Apr 2021 11:11:45