CVE-2024-10086

A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*

History

08 Nov 2024, 15:49

Type Values Removed Values Added
References () https://discuss.hashicorp.com/t/hcsec-2024-24-consul-vulnerable-to-reflected-xss-on-content-type-error-manipulation - () https://discuss.hashicorp.com/t/hcsec-2024-24-consul-vulnerable-to-reflected-xss-on-content-type-error-manipulation - Vendor Advisory
CPE cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
First Time Hashicorp consul
Hashicorp

01 Nov 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Se identificó una vulnerabilidad en Consul y Consul Enterprise tal que la respuesta del servidor no establecía explícitamente un encabezado HTTP Content-Type, lo que permitía que las entradas proporcionadas por el usuario se malinterpretaran y generaran un XSS reflejado.

30 Oct 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-30 22:15

Updated : 2024-11-08 15:49


NVD link : CVE-2024-10086

Mitre link : CVE-2024-10086

CVE.ORG link : CVE-2024-10086


JSON object : View

Products Affected

hashicorp

  • consul
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')