VDB
BIT-consul-2022-29153
BIT-consul-2022-29153
PUBLISHED
CVSS 7.5 HIGH
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | consul | 0, 1.10.0, 1.11.0 |
Timeline
- Mar 6, 2024 CVE Published
- Apr 3, 2025 CVE Updated
References
- https://discuss.hashicorp.com url
- https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/ url
- https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393 url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH/ url
- https://security.gentoo.org/glsa/202208-09 url
- https://security.netapp.com/advisory/ntap-20220602-0005/ url
- https://nvd.nist.gov/vuln/detail/CVE-2022-29153 url