cbcvebase.
CVE-2018-19653
published 2018-12-09


Priority: P426, medium; 5.9 (CVSS 3.0)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.22% (65.0th percentile)

HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.

Affected

4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | consul | < consul 1.4.4~dfsg1-1 (bullseye) | consul 1.4.4~dfsg1-1 (bullseye) |
| github.com | hashicorp_consul | >= 0.5.1 < 1.4.1 | 1.4.1 |
| hashicorp | consul | >= 0 < 1.4.4~dfsg1-1 | 1.4.4~dfsg1-1 |
| hashicorp | consul | 0.5.1 – 1.4.0 | |

CVSS provenance

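| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | | 5.9 | MEDIUM | |
| vendor_debian | | 5.9 | MEDIUM | |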