CVE-2022-40716

Unchecked Return Value in go/github.com/hashicorp/consul/acl

Identifiers

CVE-2022-40716

Package Slug

go/github.com/hashicorp/consul/acl

Vulnerability

Unchecked Return Value

Description

HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2.

Affected Versions

All versions before 1.11.9, all versions starting from 1.12.0 before 1.12.5, all versions starting from 1.13.0 before 1.13.2

Solution

Upgrade to versions 1.11.9, 1.12.5, 1.13.2 or above.

Last Modified

2022-09-27
