PT-2022-11486 · Hashicorp+3 · Hashicorp Consul+3

Published: 2022-09-22 · Updated: 2025-04-02 · CVE-2021-41803

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions

HashiCorp Consul versions 1.8.1 through 1.11.8
HashiCorp Consul version 1.12.4
HashiCorp Consul version 1.13.1

Description

Node or segment names are not properly validated before they are interpolated and used in JWT claim assertions with the auto config RPC. This could potentially lead to security issues; no details are provided about the estimated number of affected devices or real-world incidents.

Recommendations

For HashiCorp Consul versions 1.8.1 through 1.11.8, update to version 1.11.9 or later.
For HashiCorp Consul version 1.12.4, update to version 1.12.5 or later.
For HashiCorp Consul version 1.13.1, update to version 1.13.2 or later.

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

ALT-PU-2023-1696
ALT-PU-2023-7106
ALT-PU-2024-8028
BDU:2025-04574
BIT-CONSUL-2021-41803
CVE-2021-41803
GHSA-HR3V-8CP3-68RF
GO-2024-2683

Affected Products

Alt Linux
Debian
Hashicorp Consul
Red Os