PT-2019-19855 · Hashicorp+1 · Hashicorp Consul+1

Hanshasselberg

Publicado

2019-03-26

Atualizado

2024-08-20

CVE-2019-9764

CVSS v3.1

7.4

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions HashiCorp Consul version 1.4.3

Description The issue arises from a lack of server hostname verification for agent-to-agent TLS communication in HashiCorp Consul. This occurs even when the verify server hostname setting is set to true, causing the product to behave as if it were set to false.

Recommendations For HashiCorp Consul version 1.4.3, update to version 1.4.4 to resolve the issue. As a temporary workaround, consider disabling agent-to-agent TLS communication until the update can be applied.

Exploit

Correção

Origin Validation Error

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-346

Identificadores relacionados

ALT-PU-2020-3391

ALT-PU-2020-3421

ALT-PU-2022-1256

CVE-2019-9764

GHSA-Q7FX-WM2P-QFJ8

GO-2023-1853

Produtos afetados

Alt Linux

Hashicorp Consul

PT-2019-19855 · Hashicorp+1 · Hashicorp Consul+1

CVE-2019-9764

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11