A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.
2024-10-30T22:15:02.820
2025-01-10T13:15:08.223
Modified
CVSSv3.1: 8.1 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | hashicorp | consul | < 1.20.1 | Yes |
| Application | hashicorp | consul | < 1.15.15 | Yes |
| Application | hashicorp | consul | < 1.18.5 | Yes |
| Application | hashicorp | consul | < 1.19.3 | Yes |
| Application | hashicorp | consul | 1.20.0 | Yes |