FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

consul -- rpc: authorize raft requests

Affected packages
consul < 1.10.2
consul < 1.9.9
consul < 1.8.15

Details

VuXML ID 376df2f1-1295-11ec-859e-000c292ee6b8
Discovery 2021-08-27
Entry 2021-09-11

Hashicorp reports:

HashiCorp Consul Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation.

[source]

References

CVE Name CVE-2021-37219
URL https://github.com/hashicorp/consul/releases/tag/v1.9.9

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.