PT-2024-8623 · Hashicorp+4 · Hashicorp Consul+4

Published: 2024-10-30 · Updated: 2026-04-30 · CVE-2024-10005

CVSS v4.0: 8.6 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Consul versions 1.9.0 through 1.20.1

Description

A vulnerability was identified in Consul such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules. This issue allows a remote attacker to bypass security restrictions using a specially crafted HTTP request.

Recommendations

For Consul versions 1.9.0 through 1.20.1, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to L7 traffic intentions until a patch is available.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

ALT-PU-2024-15498
BDU:2024-10201
BIT-CONSUL-2024-10005
CLEANSTART-2026-AD71344
CLEANSTART-2026-CN84623
CLEANSTART-2026-DB61851
CLEANSTART-2026-DP35743
CLEANSTART-2026-GY48351
CLEANSTART-2026-SO13464
CVE-2024-10005
GHSA-CHGM-7R52-WHJJ
GO-2024-3243
OPENSUSE-SU-2024:0350-1
OPENSUSE-SU-2024:14458-1
OPENSUSE-SU-2024_3950-1
SUSE-SU-2024:3950-1

Affected Products

Alt Linux
Hashicorp Consul
Debian
Red Os
Suse