CVE-2021-41803

7.1HIGH

Key Information

Vendor: Hashicorp
Status: Consul
Vendor: CVE Published:; 23 September 2022

Summary

HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Sep 23, 2022
Vulnerability Reserved.
Sep 29, 2021

Collectors

NVD DatabaseMitre Database