cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-10086,https://securityvulnerability.io/vulnerability/CVE-2024-10086,"Reflective XSS vulnerability found in Consul and Consul Enterprise","A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.",Hashicorp,"Consul,Consul Enterprise",6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-10-30T21:21:46.559Z,0
CVE-2024-10006,https://securityvulnerability.io/vulnerability/CVE-2024-10006,Bypassing HTTP Header Based Access Rules via L7 Traffic Intentions,"A security issue has been detected in Consul and Consul Enterprise that allows L7 traffic intentions to bypass access controls established through HTTP headers. This vulnerability could enable unauthorized access, disrupting the expected security posture of applications relying on these header-based rules. It's crucial for users to review and mitigate potential risks associated with this issue.",Hashicorp,"Consul,Consul Enterprise",5.8,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-10-30T21:20:37.011Z,0
CVE-2024-10005,https://securityvulnerability.io/vulnerability/CVE-2024-10005,Bypassing HTTP Request Path-Based Access Rules Through URL Paths in L7 Traffic,A vulnerability in Consul and Consul Enterprise allows attackers to bypass HTTP request path-based access controls through the manipulation of URL paths in Layer 7 (L7) traffic intentions. This could lead to unauthorized access to sensitive resources and pose a significant risk to network security. Users are advised to review their access control configurations and apply necessary updates to mitigate potential exploits related to this issue.,Hashicorp,"Consul,Consul Enterprise",5.8,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2024-10-30T21:19:22.576Z,0
CVE-2023-3518,https://securityvulnerability.io/vulnerability/CVE-2023-3518,JWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for Access,"HashiCorp Consul and Consul Enterprise version 1.16.0 presents an issue where the JWT authentication for service mesh incorrectly manages access permissions based on mismatched service identities. This flaw may allow unauthorized access or deny legitimate access to services in the mesh. The vulnerability has been addressed in version 1.16.1, and users are encouraged to upgrade to safeguard against potential exploitation.",Hashicorp,"Consul,Consul Enterprise",7.4,HIGH,0.0007699999841861427,false,,false,false,false,,,false,false,,2023-08-09T16:15:00.000Z,0
CVE-2023-2816,https://securityvulnerability.io/vulnerability/CVE-2023-2816,Consul Envoy Extension Downstream Proxy Configuration By Upstream Service Owner,"A vulnerability exists in Consul and Consul Enterprise that allows users with service:write permissions to exploit Envoy extensions through service-defaults. This misconfiguration enables unauthorized users to alter remote proxy instances that target the designated services. Consequently, even if these users lack the requisite permissions to make changes to the corresponding services, they can still affect the behavior of these services, leading to potential security risks and unauthorized access.",Hashicorp,"Consul,Consul Enterprise",8.7,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2023-06-02T23:15:00.000Z,0
CVE-2023-1297,https://securityvulnerability.io/vulnerability/CVE-2023-1297,"Consul Cluster Peering can Result in Denial of Service","The cluster peering implementation in Consul and Consul Enterprise has a flaw that permits a peer cluster with a service sharing the same name as a local service to corrupt the Consul state. This situation can lead to a disruption in service, effectively resulting in a denial of service. This vulnerability has been addressed in versions 1.14.5 and 1.15.3 of Consul.",Hashicorp,"Consul,Consul Enterprise",4.9,MEDIUM,0.0008999999845400453,false,,false,false,false,,,false,false,,2023-06-02T23:15:00.000Z,0
CVE-2023-0845,https://securityvulnerability.io/vulnerability/CVE-2023-0845,Consul Server Panic when Ingress and API Gateways Configured with Peering,Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.,HashiCorp,"Consul,Consul Enterprise",6.5,MEDIUM,0.001129999989643693,false,,false,false,false,,,false,false,,2023-03-09T16:15:00.000Z,0
CVE-2022-3920,https://securityvulnerability.io/vulnerability/CVE-2022-3920,Consul Peering Imported Nodes/Services Leak,HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.,Hashicorp,"Consul,Consul Enterprise",5.3,MEDIUM,0.0017900000093504786,false,,false,false,false,,,false,false,,2022-11-16T00:15:00.000Z,0