CVE-2019-9764: Improper Certificate Validation

March 26, 2019 (updated March 28, 2019)

HashiCorp Consul lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actually set to true.

References

nvd.nist.gov/vuln/detail/CVE-2019-9764

Detect and mitigate CVE-2019-9764 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →