Lucene search

K

MitreCVELIST:CVE-2022-40716

HistorySep 23, 2022 - 12:00 a.m.

CVE-2022-40716

2022-09-2300:00:00

mitre

www.cve.org

2

hashicorp

consul

consul enterprise

san uri

csr

internal rpc endpoint

privileged access

service mesh intentions

vulnerability

update

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.8%

HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."

References

discuss.hashicorp.com

discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.8%

Related for CVELIST:CVE-2022-40716

osv3 veracode1 wolfi1 prion1 alpinelinux1 cgr1 nvd1 ubuntucve1 debiancve1 cve1 redhatcve1 github1 photon4 openvas3 nessus3 fedora3 ibm1