ALT-PU-2024-15498-2
Closed vulnerabilities
Published: 2024-10-31
Modified: 2025-01-10
Modified: 2025-01-10
CVE-2024-10005
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.
Severity: MEDIUM (5.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
References:
Published: 2024-10-31
Modified: 2025-01-10
Modified: 2025-01-10
CVE-2024-10006
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.
Severity: MEDIUM (5.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
References:
Published: 2024-10-31
Modified: 2025-01-10
Modified: 2025-01-10
CVE-2024-10086
A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.
Severity: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References:
Closed bugs
Не запускается контейнер без root