PT-2018-15031 · Hashicorp+1 · Hashicorp Consul+1
Pearkes · Published 2018-12-09 · Updated 2024-08-20 · CVE-2018-19653
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
HashiCorp Consul versions 0.5.1 through 1.4.0
Description
Because the verify_outgoing setting is improperly documented, HashiCorp Consul can use cleartext agent-to-agent RPC communication. This affects versions 0.5.1 through 1.4.0. The vendor has provided reconfiguration steps that address the issue without requiring a software upgrade.
Recommendations
For HashiCorp Consul versions 0.5.1 through 1.4.0, reconfigure the verify_outgoing setting according to the vendor's provided instructions to prevent cleartext agent-to-agent RPC communication.
As a temporary workaround, consider restricting the use of cleartext communication in the RPC until the reconfiguration is applied.
Affected Products
Alt Linux
Hashicorp Consul