CVE-2021-28156
go/github.com/hashicorp/consul/acl
Improper Input Validation
HashiCorp Consul Enterprise's audit log can be bypassed by specifically crafted HTTP events. An attacker could maliciously craft valid HTTP requests with specific parameters which cause the HTTP event to be incorrectly excluded from Consul Enterprise’s audit log.
All versions starting from 1.8.0 before 1.8.10, all versions starting from 1.9.0 before 1.9.5
Upgrade to versions 1.8.10, 1.9.5 or above.
2021-04-26
source |