CVE-2022-29153: Server-Side Request Forgery in HashiCorp Consul

Severity: 7.5 HIGH (NVD)
EPSS: 87.8% (top 0.53%)
CISA KEV: not in KEV
Exploit: PoC available (public exploit / PoC code exists)
Timeline: published 2022-04-19; latest update 2024-08-21

Description

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server-side request forgery: when an HTTP health check endpoint answers with an HTTP redirect, the Consul client agent follows it, so whoever controls a registered health endpoint can make the agent issue a request to a destination of their choosing that is reachable from the agent's network position. Fixed in 1.9.17, 1.10.10, and 1.11.5.
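The mechanism above comes down to how the HTTP client that performs the check handles a 3xx response. The following Go program is an added example, not Consul's code: it runs the same GET once with a client that follows redirects (Go's default http.Client behaviour, up to 10 hops) and once with redirects disabled via CheckRedirect, the same effect the fixed releases expose as a check-level `disable_redirects` option. The hosts service.example.com and 10.0.0.5:8080, the fakeNetwork RoundTripper and the runCheck helper are all constructed for the illustration; because http.Client implements redirect following above the RoundTripper, the real redirect logic is exercised without opening any sockets.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
	"sync"
)

// fakeNetwork is a constructed in-memory http.RoundTripper standing in for two
// hosts: the HTTP health check endpoint registered for a service (under the
// service owner's control) and an internal-only address that the agent can
// reach but the registrant cannot. No sockets are opened, so this runs offline.
type fakeNetwork struct {
	mu   sync.Mutex
	hits []string // every URL the client actually requested, in order
}

func (f *fakeNetwork) RoundTrip(req *http.Request) (*http.Response, error) {
	f.mu.Lock()
	f.hits = append(f.hits, req.URL.String())
	f.mu.Unlock()

	resp := &http.Response{
		StatusCode: http.StatusOK,
		Header:     make(http.Header),
		Body:       io.NopCloser(strings.NewReader("")),
		Request:    req,
	}
	switch req.URL.Host {
	case "service.example.com":
		// The "health endpoint" answers with a redirect instead of a status.
		resp.StatusCode = http.StatusFound
		resp.Header.Set("Location", "http://10.0.0.5:8080/admin/")
	case "10.0.0.5:8080":
		// Hypothetical internal service, reachable only from the agent's side.
		resp.Body = io.NopCloser(strings.NewReader("internal admin page"))
	default:
		resp.StatusCode = http.StatusNotFound
	}
	return resp, nil
}

// runCheck performs one HTTP health check the way a client agent would: GET the
// configured URL and treat any 2xx as passing. It also reports the URL that
// produced the final response, which is what distinguishes the two clients.
func runCheck(client *http.Client, checkURL string) (passing bool, finalURL string, err error) {
	resp, err := client.Get(checkURL)
	if err != nil {
		return false, "", err
	}
	defer resp.Body.Close()
	if _, err := io.Copy(io.Discard, resp.Body); err != nil {
		return false, "", err
	}
	return resp.StatusCode >= 200 && resp.StatusCode < 300, resp.Request.URL.String(), nil
}

// followingClient mirrors the pre-fix behaviour: with CheckRedirect left nil,
// http.Client follows up to 10 redirects, so the agent fetches whatever
// Location the health endpoint hands it.
func followingClient(rt http.RoundTripper) *http.Client {
	return &http.Client{Transport: rt}
}

// noRedirectClient is the hardened variant. Returning http.ErrUseLastResponse
// makes the client hand back the 3xx unfollowed, so the check simply fails and
// the redirect target is never contacted.
func noRedirectClient(rt http.RoundTripper) *http.Client {
	return &http.Client{
		Transport: rt,
		CheckRedirect: func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse
		},
	}
}

func main() {
	const checkURL = "http://service.example.com/health"
	for _, tc := range []struct {
		name string
		mk   func(http.RoundTripper) *http.Client
	}{
		{"follows redirects (pre-fix)", followingClient},
		{"redirects disabled (hardened)", noRedirectClient},
	} {
		fn := &fakeNetwork{}
		passing, final, err := runCheck(tc.mk(fn), checkURL)
		fmt.Printf("%-32s passing=%-5v err=%v\n  final URL: %s\n  requests:  %s\n",
			tc.name, passing, err, final, strings.Join(fn.hits, " -> "))
	}
}
```

With the pre-fix client the check reports passing and the second request lands on the internal host; with redirects disabled only one request is sent, the 302 is returned to the caller and the check fails. Treating a redirect from a health endpoint as a failed check rather than something to follow is the safe default, since a health check has no legitimate reason to point the agent elsewhere.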

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N (exploitability sub-score 3.9, impact sub-score 3.6)

Affected Packages (3)

Source   Package                       Affected from   Fixed in
NVD      hashicorp/consul              1.10.0          1.10.10 (+2 further version ranges)
Go       github.com/hashicorp/consul   1.10.0          1.10.10 (+2 further version ranges)
Debian   debian/consul                 (no version range listed)

Also affects: Fedora 37

Vulnerability Details (5 references)

- OSV: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul (2024-08-21)
- OSV: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector (2022-04-20)
- GHSA: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector (2022-04-20)
- OSV: CVE-2022-29153: HashiCorp Consul and Consul Enterprise up to 1… (2022-04-19)
- VulnCheck: hashicorp consul Server-Side Request Forgery (SSRF) (2022)

Exploits & PoCs (1)

- Nuclei: HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery

Vendor Advisories (2)

- Red Hat: consul: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector (2022-04-19)
- Debian: CVE-2022-29153: consul - HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allo... (2022)
CVE-2022-29153 — Server-Side Request Forgery | cvebase