CVE-2024-10086
Published: 2024-10-30
Priority: P4 · 25 · medium · CVSS 3.1: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.43% (34.2th percentile)
A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | consul | — | — |
| github.com | hashicorp_consul | >= 1.4.1 < 1.20.0 | 1.20.0 |
| hashicorp | consul | >= 1.18.0 < 1.18.5 | 1.18.5 |
| hashicorp | consul | >= 1.19.0 < 1.19.3 | 1.19.3 |
| hashicorp | consul | >= 1.4.1 < 1.15.15 | 1.15.15 |
| hashicorp | consul | >= 1.4.1 < 1.20.0 | 1.20.0 |
| hashicorp | consul_enterprise | >= 1.4.1 < 1.20.0 | 1.20.0 |
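CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| osv | | 6.1 | MEDIUM | |
| vendor_oracle | | 7.3 | HIGH | |
| vendor_debian | | 6.1 | MEDIUM | |
| vendor_redhat | | 6.1 | MEDIUM | |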
OSV
Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul
osv·2024-11-04
CVE-2024-10086 Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul
OSV
Hashicorp Consul Cross-site Scripting vulnerability
osv·2024-10-31
CVE-2024-10086 [MEDIUM] Hashicorp Consul Cross-site Scripting vulnerability
GHSA
Hashicorp Consul Cross-site Scripting vulnerability
ghsa·2024-10-31
CVE-2024-10086 [MEDIUM] CWE-79 Hashicorp Consul Cross-site Scripting vulnerability
OSV
CVE-2024-10086: A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowi
osv·2024-10-30·CVSS 6.1
Red Hat
consul: Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation
vendor_redhat·2024-10-30·CVSS 6.1
CVE-2024-10086 [MEDIUM] CWE-79 consul: Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation
A flaw was found in Consul and Consul Enterprise. This vulnerability allows reflected Cross-site scripting (XSS) attacks via missing Content-Type HTTP header in server responses, enabling misinterpretation of user-provided inputs.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Package: devspaces/
Oracle
Oracle Oracle Communications Risk Matrix: Security (Apache Commons BeanUtils) — CVE-2019-10086
vendor_oracle·2024-07-15·CVSS 7.3
CVE-2019-10086 [HIGH] Oracle Oracle Communications Risk Matrix: Security (Apache Commons BeanUtils) — CVE-2019-10086
Oracle Oracle Communications Risk Matrix: Security (Apache Commons BeanUtils) vulnerability
CVE: CVE-2019-10086
CVSS: 7.3
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2024 (JUL 2024)
Oracle
Oracle Oracle Hyperion Risk Matrix: Security (Apache Commons BeanUtils) — CVE-2019-10086
vendor_oracle·2024-01-15·CVSS 7.3
CVE-2019-10086 [HIGH] Oracle Oracle Hyperion Risk Matrix: Security (Apache Commons BeanUtils) — CVE-2019-10086
Oracle Oracle Hyperion Risk Matrix: Security (Apache Commons BeanUtils) vulnerability
CVE: CVE-2019-10086
CVSS: 7.3
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2024 (JAN 2024)
Debian
CVE-2024-10086: consul - A vulnerability was identified in Consul and Consul Enterprise such that the ser...
vendor_debian·2024·CVSS 6.1
CVE-2024-10086 [MEDIUM] CVE-2024-10086: consul - A vulnerability was identified in Consul and Consul Enterprise such that the ser...
Scope: local
bullseye: open
No detection rules found.
No public exploits indexed.