PT-2024-8323 · Hashicorp+4 · Hashicorp Consul+4

Published: 2024-10-30 · Updated: 2026-04-30 · CVE-2024-10006

CVSS v3.1: 8.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Consul versions 1.9.0 through 1.20.0

Description

A vulnerability was identified in Consul and Consul Enterprise such that using Headers in L7 traffic intentions could bypass HTTP header-based access rules. This could allow a remote attacker to gain access to confidential information by sending a specially crafted HTTP request.

Recommendations

For Consul versions 1.9.0 through 1.20.0, update to the latest version as outlined in the advisory to resolve the issue. As a temporary workaround, consider restricting the use of Headers in L7 traffic intentions to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Encoding or Escaping of Output

Related Identifiers

ALT-PU-2024-15498
BDU:2024-09879
BIT-CONSUL-2024-10006
CLEANSTART-2026-AD71344
CLEANSTART-2026-CN84623
CLEANSTART-2026-DB61851
CLEANSTART-2026-DP35743
CLEANSTART-2026-GY48351
CLEANSTART-2026-SO13464
CVE-2024-10006
GHSA-5C4W-8HHH-3C3H
GO-2024-3241
OPENSUSE-SU-2024:0350-1
OPENSUSE-SU-2024:14458-1
OPENSUSE-SU-2024_3950-1
SUSE-SU-2024:3950-1

Affected Products

Alt Linux
Hashicorp Consul
Debian
Red Os
Suse