← volver
CVE-2021-32574

CVE-2021-32574

EPSS 1.5%
HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856https://github.com/hashicorp/consul/releases/tag/v1.10.1https://security.gentoo.org/glsa/202208-09https://www.hashicorp.com/blog/category/consul