Defang Bo

**Name of the Vulnerable Software and Affected Versions** HashiCorp Consul versions 1.18.20 through 1.21.10 HashiCorp Consul version 1.22.4 HashiCorp Consul Enterprise versions 1.18.20 through 1.21.10 HashiCorp Consul Enterprise version 1.22.4 **Description** HashiCorp Consul and Consul Enterprise are susceptible to an arbitrary file read issue when configured with Kubernetes authentication. The issue allows unauthorized access to files. The vulnerability is related to the vault kubernetes authentication provider. **Recommendations** Versions 1.18.20 through 1.21.10: Upgrade to version 1.18.21 or 1.21.11. Version 1.22.4: Upgrade to version 1.22.5.