CVE-2021-37219
go/github.com/hashicorp/consul/acl
Improper Certificate Validation
HashiCorp Consul and Consul Enterprise's Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation.
All versions before 1.8.15, all versions starting from 1.9.0 before 1.9.9, all versions starting from 1.10.0 before 1.10.2
Upgrade to versions 1.8.15, 1.9.9, 1.10.2 or above.
2021-09-17
source |