CVE-2021-38698: Incorrect Authorization

September 7, 2021 (updated September 15, 2021)

HashiCorp Consul and Consul Enterprise’s Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.

References

discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026
nvd.nist.gov/vuln/detail/CVE-2021-38698
www.hashicorp.com/blog/category/consul

Detect and mitigate CVE-2021-38698 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →