CVE-2021-38698

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions HashiCorp Consul and Consul Enterprise version 1.10.1

Description The Txn.Apply endpoint in HashiCorp Consul and Consul Enterprise allowed services to register proxies for other services, enabling access to service traffic.

Recommendations For HashiCorp Consul and Consul Enterprise version 1.10.1, update to version 1.10.2 to resolve the issue. For earlier versions, update to version 1.8.15 or 1.9.9 to resolve the issue. As a temporary workaround, consider restricting access to the Txn.Apply endpoint until a patch is available.

Fix

Incorrect Authorization

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-862

Related Identifiers

ALT-PU-2021-3445

ALT-PU-2023-7106

ALT-PU-2024-8028

BIT-CONSUL-2021-38698

CVE-2021-38698

GHSA-6HW5-6GCX-PHMW

GO-2022-0559

Affected Products

Alt Linux

Astra Linux

Hashicorp Consul Enterprise

Debian

Hashicorp Consul

CVE-2021-38698

Weakness Enumeration

Related Identifiers

Affected Products

References · 18