Pearkes

**Name of the Vulnerable Software and Affected Versions** HashiCorp Consul versions 0.5.1 through 1.4.0 **Description** The issue arises from the improper documentation of the `verify outgoing` setting, allowing HashiCorp Consul to use cleartext agent-to-agent RPC communication. This affects versions 0.5.1 through 1.4.0. The vendor has provided reconfiguration steps to address this issue without requiring a software upgrade. **Recommendations** For HashiCorp Consul versions 0.5.1 through 1.4.0, reconfigure the `verify outgoing` setting according to the vendor's provided instructions to prevent cleartext agent-to-agent RPC communication. As a temporary workaround, consider restricting the use of cleartext communication in the RPC until the reconfiguration is applied.