CVE-2024-10005 — Path Traversal in Consul

CWE-22 — Path Traversal7 documents5 sources

Severity

5.8MEDIUMNVD

EPSS

0.2%

top 58.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hashicorp Consul Hashicorp Consul Enterprise Github.com Hashicorp Consul +1 more

Timeline

PublishedOct 30

Latest updateNov 4

Description

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

▶CVEListV5hashicorp/consul_enterprise1.9.0 — 1.20.1

▶CVEListV5hashicorp/consul1.9.0 — 1.20.1

▶NVDhashicorp/consul1.4.1 — 1.20.1+4

▶Gogithub.com/hashicorp_consul1.9.0 — 1.20.1

▶debiandebian/consul

🔴Vulnerability Details

OSV

Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul↗2024-11-04

▶

GHSA

Hashicorp Consul Path Traversal vulnerability↗2024-10-31

▶

OSV

Hashicorp Consul Path Traversal vulnerability↗2024-10-31

▶

OSV

CVE-2024-10005: A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request↗2024-10-30

▶

📋Vendor Advisories

Red Hat

hashicorp/consul: consul: Consul L7 Intentions Vulnerable To URL Path Bypass↗2024-10-30

▶

Debian

CVE-2024-10005: consul - A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such t...↗2024

▶