The github.com/bketelsen/crypt dependency version is too old and has CWE-285/CWE-770/CWE-125/CWE-863/CWE-79 security vulnerabilities #82

Open
jiezinaxumi opened this issue Jul 14, 2023 · 0 comments

jiezinaxumi commented Jul 14, 2023

The dependency github.com/bketelsen/crypt 0.0.4 (depends on github.com/hashicorp/consul/api v1.1.0) is too old and has CWE-285/CWE-770/CWE-125/CWE-863/CWE-79 security vulnerabilities.

HashiCorp Consul is vulnerable to privilege escalation due to the improper authorization of certificates that are being used for Raft requests. A remote attacker that has a non-server certificate that has been signed by the Consul certificate authority could access server-only Raft RPC functionality.

Upgrading to github.com/bketelsen/crypt 0.0.5 (depends on github.com/hashicorp/consul/api v1.11.0) resolves this. I have submitted a PR: #81, please review.
