CVE-2021-32574
Published 2021-07-17
CVE-2021-32574: HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject…
Priority P3 · 40 · high · 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 1.46% (70.2th percentile)
HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | consul | — | — |
| github.com | hashicorp_consul | >= 0 < 1.10.1 | 1.10.1 |
| hashicorp | consul | >= 1.10.0 < 1.10.1 | 1.10.1 |
| hashicorp | consul | >= 1.3.0 < 1.8.14 | 1.8.14 |
| hashicorp | consul | >= 1.9.0 < 1.9.8 | 1.9.8 |
CVSS provenance
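| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |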
Debian
CVE-2021-32574: consul - HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS conf...
vendor_debian·2021·CVSS 7.5
Scope: local
bullseye: open
OSV
Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul
osv·2024-08-21
GHSA
Hashicorp Consul Missing SSL Certificate Validation
ghsa·2021-07-19
CVE-2021-32574 [HIGH] CWE-295 Hashicorp Consul Missing SSL Certificate Validation
HashiCorp Consul before 1.10.1 (and Consul Enterprise) has Missing SSL Certificate Validation. xds does not ensure that the Subject Alternative Name of an upstream is validated.
OSV
Hashicorp Consul Missing SSL Certificate Validation
osv·2021-07-19
OSV
CVE-2021-32574: HashiCorp Consul and Consul Enterprise 1
osv·2021-07-17·CVSS 7.5
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856
https://github.com/hashicorp/consul/releases/tag/v1.10.1
https://security.gentoo.org/glsa/202208-09
https://www.hashicorp.com/blog/category/consul
Published: 2021-07-17