Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Consul | Hashicorp | 1.15.0 (including) | 1.15.3 (excluding) |
Consul | Ubuntu | bionic | * |
Consul | Ubuntu | kinetic | * |
Consul | Ubuntu | mantic | * |
Consul | Ubuntu | trusty | * |
Consul | Ubuntu | xenial | * |