HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-09-07T11:33:26

Updated: 2024-08-04T01:16:03.813Z

Reserved: 2021-07-21T00:00:00

Link: CVE-2021-37219

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-09-07T12:15:07.727

Modified: 2024-11-21T06:14:53.253

Link: CVE-2021-37219

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-08-26T00:00:00Z

Links: CVE-2021-37219 - Bugzilla