CVE-2021-41803

Missing Authorization in go/github.com/hashicorp/consul

Identifiers

CVE-2021-41803

Package Slug

go/github.com/hashicorp/consul

Vulnerability

Missing Authorization

Description

HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2.

Affected Versions

All versions starting from 1.8.1 before 1.11.9, version 1.12.4, version 1.13.1

Solution

Upgrade to version 1.11.9 or above.

Last Modified

2022-09-27

source