Input Validation Flaw in HasciCorp Consul Leading to JWT Claim Vulnerabilities
CVE-2021-41803

7.1HIGH

Key Information:

Vendor

Hashicorp
Status
Consul
Vendor
CVE Published:
23 September 2022

What is CVE-2021-41803?

An input validation error has been identified in HashiCorp Consul versions ranging from 1.8.1 to 1.11.8, as well as 1.12.4 and 1.13.1. The vulnerability arises when node or segment names are not adequately validated before being interpolated in JSON Web Token (JWT) claim assertions during the auto configuration remote procedure call (RPC). This oversight can potentially lead to unauthorized access or manipulation of sensitive data. Users are advised to update to fixed versions 1.11.9, 1.12.5, or 1.13.2 to secure their deployments against this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.hashicorp.com/blog/category/consul
https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto...
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.