CVE-2024-10005
Published 2024-10-30
Priority P4 · 32 · medium · 5.8 CVSS 3.1
AV:N · AC:L · PR:N · UI:N · S:C · C:N · I:L · A:N
EPSS 0.73% · 49.4th percentile
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | consul | — | — |
| github.com | hashicorp_consul | >= 1.9.0 < 1.20.1 | 1.20.1 |
| hashicorp | consul | — | — |
| hashicorp | consul | >= 1.18.0 < 1.18.5 | 1.18.5 |
| hashicorp | consul | >= 1.19.0 < 1.19.3 | 1.19.3 |
| hashicorp | consul | >= 1.4.1 < 1.20.1 | 1.20.1 |
| hashicorp | consul | >= 1.9.0 < 1.20.1 | 1.20.1 |
| hashicorp | consul | >= 1.9.0 < 1.15.15 | 1.15.15 |
| hashicorp | consul_enterprise | >= 1.9.0 < 1.20.1 | 1.20.1 |
CVSS provenance
nvd · v3.1 · 5.8 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
osv · 5.8 MEDIUM
vendor_debian · 8.1 HIGH
vendor_redhat · 8.1 HIGH
OSV
Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul
osv·2024-11-04
CVE-2024-10005 Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul
GHSA
Hashicorp Consul Path Traversal vulnerability
ghsa·2024-10-31
CVE-2024-10005 [HIGH] CWE-22 Hashicorp Consul Path Traversal vulnerability
A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.
OSV
Hashicorp Consul Path Traversal vulnerability
osv·2024-10-31
CVE-2024-10005 [HIGH] Hashicorp Consul Path Traversal vulnerability
A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.
OSV
CVE-2024-10005: A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request
osv·2024-10-30·CVSS 5.8
CVE-2024-10005 [MEDIUM] CVE-2024-10005: A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.
Red Hat
hashicorp/consul: consul: Consul L7 Intentions Vulnerable To URL Path Bypass
vendor_redhat·2024-10-30·CVSS 8.1
CVE-2024-10005 [HIGH] CWE-22 hashicorp/consul: consul: Consul L7 Intentions Vulnerable To URL Path Bypass
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.
A vulnerability was found in HashiCorp Consul. Due to a lack of path normalization, URL paths in L7 traffic intentions can be exploited to bypass permissions defined in the intentions.
Statement: This vulnerability is rated as important severity because the lack of path normalization in HashiCorp Consul allows attackers to exploit URL paths in L7 traffic intentions, bypassing defined permissions. This can compromise both confidentiality and integrity, enabling unauthorized access to sensitive data and resources, highlighting the need for
Debian
CVE-2024-10005: consul - A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such t...
vendor_debian·2024·CVSS 8.1
CVE-2024-10005 [HIGH] CVE-2024-10005: consul - A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such t...
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.
Scope: local
bullseye: open
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-10-30
Published