cbcvebase.
CVE-2024-10006
published 2024-10-30

Priority P432 | medium | 5.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS: 0.47% (37.4th percentile)

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.

Affected

11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | consul | | |
| github.com | hashicorp_consul | >= 1.9.0 < 1.20.1 | 1.20.1 |
| github.com | icewhaletech_casaos-userservice | >= 0 < 0.4.8 | 0.4.8 |
| github.com | icewhaletech_casaos-userservice | >= 0.4.7 < 0.4.8 | 0.4.8 |
| hashicorp | consul | | |
| hashicorp | consul | >= 1.18.0 < 1.18.5 | 1.18.5 |
| hashicorp | consul | >= 1.19.0 < 1.19.3 | 1.19.3 |
| hashicorp | consul | >= 1.4.1 < 1.20.1 | 1.20.1 |
| hashicorp | consul | >= 1.9.0 < 1.20.1 | 1.20.1 |
| hashicorp | consul | >= 1.9.0 < 1.15.15 | 1.15.15 |
| hashicorp | consul_enterprise | >= 1.9.0 < 1.20.1 | 1.20.1 |

CVSS provenance

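| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N |
| ghsa | | 7.5 | HIGH | |
| osv | | 5.8 | MEDIUM | |
| vendor_debian | | 8.3 | HIGH | |
| vendor_redhat | | 8.3 | HIGH | |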