CVE-2021-28156

Improper Input Validation in go/github.com/hashicorp/consul/acl

Identifiers

CVE-2021-28156

Package Slug

go/github.com/hashicorp/consul/acl

Vulnerability

Improper Input Validation

Description

HashiCorp Consul Enterprise's audit log can be bypassed by specially crafted HTTP events. An attacker could craft valid HTTP requests with specific parameters that cause the HTTP event to be incorrectly excluded from Consul Enterprise's audit log.

Affected Versions

All versions from 1.8.0 up to, but not including, 1.8.10, and all versions from 1.9.0 up to, but not including, 1.9.5

Solution

Upgrade to version 1.8.10, 1.9.5, or later.
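
The following Go sketch is an added example, not code from HashiCorp or from this advisory. It checks an inventory of Consul version strings against the affected ranges listed above. The function names and sample version strings are assumptions made for illustration; the check looks only at the version number, while the description concerns Consul Enterprise's audit log.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// parseVersion turns "v1.9.4+ent" into [major, minor, patch]. Build metadata
// after "+" is dropped; pre-release tags ("-beta1") are rejected for manual review.
func parseVersion(s string) ([3]int, error) {
	var v [3]int
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	if i := strings.Index(s, "+"); i >= 0 {
		s = s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return v, fmt.Errorf("expected major.minor.patch, got %q", s)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return v, fmt.Errorf("bad component %q in %q", p, s)
		}
		v[i] = n
	}
	return v, nil
}

// affected reports whether version lies in [1.8.0, 1.8.10) or [1.9.0, 1.9.5).
// Components are compared as integers: as strings, "1.8.10" sorts before "1.8.9".
func affected(version string) (bool, error) {
	v, err := parseVersion(version)
	if err != nil || v[0] != 1 {
		return false, err
	}
	return (v[1] == 8 && v[2] < 10) || (v[1] == 9 && v[2] < 5), nil
}

func main() {
	// Constructed sample inventory, not taken from the advisory.
	for _, s := range []string{"1.7.14+ent", "1.8.9+ent", "1.8.10+ent", "v1.9.4+ent", "1.9.5"} {
		a, err := affected(s)
		fmt.Printf("%-12s affected=%v err=%v\n", s, a, err)
	}
}
```

A version that fails to parse returns an error rather than a verdict, so it should be reviewed by hand instead of being treated as unaffected.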

Last Modified

2021-04-26
