CVE-2024-10086 — Cross-site Scripting in Consul Enterprise

CWE-79 — Cross-site Scripting10 documents7 sources

Severity

6.1MEDIUMNVD

EPSS

1.5%

top 19.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hashicorp Consul Enterprise Github.com Hashicorp Consul Hashicorp Consul +1 more

Timeline

PublishedOct 30

Latest updateNov 4

Description

A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶CVEListV5hashicorp/consul_enterprise1.4.1 — 1.20.0

▶NVDhashicorp/consul1.4.1 — 1.15.15+3

▶Gogithub.com/hashicorp_consul1.4.1 — 1.20.0

▶debiandebian/consul

🔴Vulnerability Details

OSV

Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul↗2024-11-04

▶

OSV

Hashicorp Consul Cross-site Scripting vulnerability↗2024-10-31

▶

GHSA

Hashicorp Consul Cross-site Scripting vulnerability↗2024-10-31

▶

OSV

CVE-2024-10086: A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowi↗2024-10-30

▶

📋Vendor Advisories

Red Hat

consul: Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation↗2024-10-30

▶

Oracle

Oracle Oracle Communications Risk Matrix: Security (Apache Commons BeanUtils) — CVE-2019-10086↗2024-07-15

▶

Oracle

Oracle Oracle Hyperion Risk Matrix: Security (Apache Commons BeanUtils) — CVE-2019-10086↗2024-01-15

▶

Debian

CVE-2024-10086: consul - A vulnerability was identified in Consul and Consul Enterprise such that the ser...↗2024

▶

🕵️Threat Intelligence

Wiz

CVE-2026-2808 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶