HashiCorp Consul is vulnerable to privilege escalation due to the improper authorization of certificates that are being used for Raft requests. A remote attacker that has a non-server certificate that has been signed by the Consul certificate authority could access server-only Raft RPC functionality.
The dependency github.com/bketelsen/crypt 0.0.4 (depends on github.com/hashicorp/consul/api v1.1.0) is too old and has CWE-285/CWE-770/CWE-125/CWE-863/CWE-79 security vulnerabilities.
Upgrading to github.com/bketelsen/crypt 0.0.5 (depends on github.com/hashicorp/consul/api v1.11.0) resolves this. I have submitted PR #81; please review.