CVE-2024-10005

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:consul:1.20.0:*:*:*:enterprise:*:*:*

History

08 Nov 2024, 18:10

Type Values Removed Values Added
First Time Hashicorp
Hashicorp consul
CVSS v2 : unknown
v3 : 8.1
v2 : unknown
v3 : 5.8
References () https://discuss.hashicorp.com/t/hcsec-2024-22-consul-l7-intentions-vulnerable-to-url-path-bypass - () https://discuss.hashicorp.com/t/hcsec-2024-22-consul-l7-intentions-vulnerable-to-url-path-bypass - Vendor Advisory
CPE cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*
cpe:2.3:a:hashicorp:consul:1.20.0:*:*:*:enterprise:*:*:*

01 Nov 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Se identificó una vulnerabilidad en Consul y Consul Enterprise (“Consul”) tal que el uso de rutas URL en intenciones de tráfico L7 podría eludir las reglas de acceso basadas en rutas de solicitud HTTP.

30 Oct 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-30 22:15

Updated : 2024-11-08 18:10


NVD link : CVE-2024-10005

Mitre link : CVE-2024-10005

CVE.ORG link : CVE-2024-10005


JSON object : View

Products Affected

hashicorp

  • consul
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')