CVE-2022-40716
go/github.com/hashicorp/consul/acl
Unchecked Return Value
HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2.
All versions before 1.11.9, all versions starting from 1.12.0 before 1.12.5, all versions starting from 1.13.0 before 1.13.2
Upgrade to versions 1.11.9, 1.12.5, 1.13.2 or above.
2022-09-27