CVE-2019-9764

CVSS v3.1

7.4

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions HashiCorp Consul version 1.4.3

Description The issue arises from a lack of server hostname verification for agent-to-agent TLS communication in HashiCorp Consul. This occurs even when the verify server hostname setting is set to true, causing the product to behave as if it were set to false.

Recommendations For HashiCorp Consul version 1.4.3, update to version 1.4.4 to resolve the issue. As a temporary workaround, consider disabling agent-to-agent TLS communication until the update can be applied.

Exploit

Fix

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-346

Related Identifiers

ALT-PU-2020-3391

ALT-PU-2020-3421

ALT-PU-2022-1256

CVE-2019-9764

GHSA-Q7FX-WM2P-QFJ8

GO-2023-1853

Affected Products

Alt Linux

Hashicorp Consul

CVE-2019-9764

Weakness Enumeration

Related Identifiers

Affected Products

References · 11