CVE-2021-38698

Incorrect Authorization in go/github.com/hashicorp/consul/acl

Identifiers

CVE-2021-38698

Package Slug

go/github.com/hashicorp/consul/acl

Vulnerability

Incorrect Authorization

Description

HashiCorp Consul and Consul Enterprise's Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.

Affected Versions

All versions before 1.8.15, all versions starting from 1.9.0 before 1.9.9, all versions starting from 1.10.0 before 1.10.2

Solution

Upgrade to versions 1.8.15, 1.9.9, 1.10.2 or above.

Last Modified

2021-09-17

source