CVE-2021-36213 - log

CVE-2021-36213 edited at 20 Jul 2021 08:24:11
References
- https://github.com/hashicorp/consul/releases/tag/v1.9.8
+ https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855
https://github.com/hashicorp/consul/pull/10619
https://github.com/hashicorp/consul/pull/10620
https://github.com/hashicorp/consul/commit/3ca24425ef7ad223077269a42041622f269ef5d0
CVE-2021-36213 edited at 17 Jul 2021 22:53:33
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ In HashiCorp Consul before version 1.9.8, xds can generate a situation where a single L7 deny intention (with a default deny policy) results in an allow action.
References
+ https://github.com/hashicorp/consul/releases/tag/v1.9.8
+ https://github.com/hashicorp/consul/pull/10619
+ https://github.com/hashicorp/consul/pull/10620
+ https://github.com/hashicorp/consul/commit/3ca24425ef7ad223077269a42041622f269ef5d0
Notes
CVE-2021-36213 created at 17 Jul 2021 22:46:09