CVE-2021-37219

Improper Certificate Validation in go/github.com/hashicorp/consul/acl

Identifiers

CVE-2021-37219

Package Slug

go/github.com/hashicorp/consul/acl

Vulnerability

Improper Certificate Validation

Description

HashiCorp Consul and Consul Enterprise's Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation.

Affected Versions

All versions before 1.8.15, all versions starting from 1.9.0 before 1.9.9, all versions starting from 1.10.0 before 1.10.2

Solution

Upgrade to versions 1.8.15, 1.9.9, 1.10.2 or above.
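
The affected ranges and fixed versions above, as a version check for triaging an inventory of Consul agents. This is an added example, not code from the advisory or from HashiCorp; the names `Affected` and `firstFixed` and the sample version strings are assumptions, and treating a pre-release of a fixed version as affected is a conservative choice made here.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// firstFixed maps each release line (major, minor) to the first patched
// patch level given in the advisory: 1.8.15, 1.9.9 and 1.10.2.
var firstFixed = map[[2]int]int{{1, 8}: 15, {1, 9}: 9, {1, 10}: 2}

// Affected reports whether a Consul version string is in the advisory's
// affected ranges. Build metadata after "+" (e.g. "+ent") is ignored; a
// pre-release ("-beta1") of a fixed version counts as older than it.
func Affected(version string) (bool, error) {
	s := strings.TrimPrefix(strings.TrimSpace(version), "v")
	if i := strings.IndexByte(s, '+'); i >= 0 {
		s = s[:i]
	}
	s, _, pre := strings.Cut(s, "-")
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return false, fmt.Errorf("unrecognised version %q", version)
	}
	var v [3]int
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return false, fmt.Errorf("unrecognised version %q", version)
		}
		v[i] = n
	}
	if v[0] < 1 || (v[0] == 1 && v[1] < 8) {
		return true, nil // older than the 1.8 line: "all versions before 1.8.15"
	}
	if patch, ok := firstFixed[[2]int{v[0], v[1]}]; ok {
		return v[2] < patch || (v[2] == patch && pre), nil
	}
	return false, nil // release lines after 1.10 are outside the listed ranges
}

func main() {
	// Constructed sample inventory, not taken from the advisory.
	for _, ver := range []string{"1.8.14+ent", "1.9.9", "v1.10.1", "1.10.2"} {
		hit, err := Affected(ver)
		fmt.Println(ver, hit, err)
	}
}
```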

Last Modified

2021-09-17
