VDB
CVE-2021-32574
CVE-2021-32574
PUBLISHED
HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1.
EPSS 0.80% · 74.4th percentile
Risk Scores
EPSS Score
0.80%
74.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | consul | 1.3.0, 1.9.0, 1.10.0 |
| Bitnami | consul | 1.9.0, 1.10.0, 1.3.0 |
Timeline
- Jul 17, 2021 CVE Published
- Jul 18, 2021 EPSS Score
- Sep 15, 2021 EPSS Score
- Nov 14, 2021 EPSS Score
- Jan 12, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 13, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 10, 2022 EPSS Score
- Sep 8, 2022 EPSS Score
- Nov 7, 2022 EPSS Score
- Jan 5, 2023 EPSS Score
References
- https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856 url
- https://github.com/hashicorp/consul/releases/tag/v1.10.1 url
- https://security.gentoo.org/glsa/202208-09 url
- https://www.hashicorp.com/blog/category/consul url
- https://nvd.nist.gov/vuln/detail/CVE-2021-32574 url