CVE Vulnerabilities

CVE-2021-28156

Published: Apr 20, 2021 | Modified: Apr 23, 2021
CVSS 3.x: 7.5 HIGH
Source: NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x: 5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3: 7.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Ubuntu

The audit log in HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5 and 1.8.10.

Affected Software

Name    Vendor     Start Version  End Version
Consul  Hashicorp  1.8.0          *
Consul  Hashicorp  1.9.0          *
Consul  Ubuntu     groovy         *
Consul  Ubuntu     hirsute        *
Consul  Ubuntu     trusty         *

References