CVE-2018-19653

Name of the Vulnerable Software and Affected Versions HashiCorp Consul versions 0.5.1 through 1.4.0

Description The issue arises from the improper documentation of the verify outgoing setting, allowing HashiCorp Consul to use cleartext agent-to-agent RPC communication. This affects versions 0.5.1 through 1.4.0. The vendor has provided reconfiguration steps to address this issue without requiring a software upgrade.

Recommendations For HashiCorp Consul versions 0.5.1 through 1.4.0, reconfigure the verify outgoing setting according to the vendor's provided instructions to prevent cleartext agent-to-agent RPC communication. As a temporary workaround, consider restricting the use of cleartext communication in the RPC until the reconfiguration is applied.