Vulnerability Description
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hashicorp | Consul | < 1.8.15 |
Related Weaknesses (CWE)
References
- https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-checkVendor Advisory
- https://security.gentoo.org/glsa/202208-09Third Party Advisory
- https://www.hashicorp.com/blog/category/consulProductVendor Advisory
- https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-checkVendor Advisory
- https://security.gentoo.org/glsa/202208-09Third Party Advisory
- https://www.hashicorp.com/blog/category/consulProductVendor Advisory
FAQ
What is CVE-2021-38698?
CVE-2021-38698 is a vulnerability with a CVSS score of 6.5 (MEDIUM). HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.
How severe is CVE-2021-38698?
CVE-2021-38698 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-38698?
Check the references section above for vendor advisories and patch information. Affected products include: Hashicorp Consul.