← back
CVE-2021-32574

CVE-2021-32574

EPSS 1.5%
HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856https://github.com/hashicorp/consul/releases/tag/v1.10.1https://security.gentoo.org/glsa/202208-09https://www.hashicorp.com/blog/category/consul