Known Vulnerabilities for Consul by Hashicorp
Listed below are 10 of the newest known vulnerabilities associated with "Consul" by "Hashicorp".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-24687 | HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway al... | 6.5 - MEDIUM | 2022-02-24 | 2023-08-08 |
| CVE-2021-41805 | HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL... | 8.8 - HIGH | 2021-12-12 | 2022-03-31 |
| CVE-2021-41803 | HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpola... | 7.1 - HIGH | 2022-09-23 | 2023-11-07 |
| CVE-2021-38698 | HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, ena... | 6.5 - MEDIUM | 2021-09-07 | 2022-09-14 |
| CVE-2021-37219 | HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the ... | 8.8 - HIGH | 2021-09-07 | 2022-09-08 |
| CVE-2021-36213 | HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention ... | 7.5 - HIGH | 2021-07-17 | 2022-09-14 |
| CVE-2021-32574 | HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination servi... | 7.5 - HIGH | 2021-07-17 | 2022-10-25 |
| CVE-2021-28156 | HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in... | 7.5 - HIGH | 2021-04-20 | 2022-10-25 |
| CVE-2021-3121 | An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the ... | 8.6 - HIGH | 2021-01-11 | 2023-11-07 |
| CVE-2020-7219 | HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible t... | 7.5 - HIGH | 2020-01-31 | 2021-07-21 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hashicorp | Consul | 1.9.4 | All | All | All |
| Application | Hashicorp | Consul | 1.9.4 | All | All | All |
| Application | Hashicorp | Consul | 1.9.3 | All | All | All |
| Application | Hashicorp | Consul | 1.9.3 | All | All | All |
| Application | Hashicorp | Consul | 1.9.2 | All | All | All |
| Application | Hashicorp | Consul | 1.9.2 | All | All | All |
| Application | Hashicorp | Consul | 1.9.1 | All | All | All |
| Application | Hashicorp | Consul | 1.9.1 | All | All | All |
| Application | Hashicorp | Consul | 1.9.0 | All | All | All |
| Application | Hashicorp | Consul | 1.9.0 | All | All | All |
| Application | Hashicorp | Consul | 1.8.9 | - | All | All |
| Application | Hashicorp | Consul | 1.8.9 | - | All | All |
| Application | Hashicorp | Consul | 1.8.9 | beta1 | All | All |
| Application | Hashicorp | Consul | 1.8.9 | beta1 | All | All |
| Application | Hashicorp | Consul | 1.8.8 | All | All | All |
| Application | Hashicorp | Consul | 1.8.8 | All | All | All |
| Application | Hashicorp | Consul | 1.8.7 | All | All | All |
| Application | Hashicorp | Consul | 1.8.7 | All | All | All |
| Application | Hashicorp | Consul | 1.8.6 | All | All | All |
| Application | Hashicorp | Consul | 1.8.6 | All | All | All |