CVE-2021-28156

CVE-2021-28156

EPSS 2.3%

HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://discuss.hashicorp.com/t/hcsec-2021-08-consul-enterprise-audit-log-bypass-for-http-events/23369 https://security.gentoo.org/glsa/202208-09 https://www.hashicorp.com/blog/category/consul