CVE-2021-32574

7.5HIGH

Key Information

Vendor: Hashicorp
Status: Consul
Vendor: CVE Published:; 17 July 2021

Summary

HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 17, 2021
Vulnerability Reserved.
May 11, 2021

Collectors

NVD DatabaseMitre Database