Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Consul Envoy Extension Downsteam Proxy Configuration By Upstream Service Owner
Vulnerability Description
Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
特权授予不正确
Vulnerability Title
HashiCorp Consul 安全漏洞
Vulnerability Description
HashiCorp Consul是美国HashiCorp公司的一套分布式、高可用数据中心感知解决方案。该产品用于跨动态分布式基础架构连接和配置应用程序。 HashiCorp Consul、Consul Enterprise 1.15.0 到 1.15.2版本存在安全漏洞,该漏洞源于允许任何具有 service:write 权限的用户使用通过 service-defaults 配置的 Envoy 扩展来修补针对已配置服务的远程代理实例,无论用户是否有权修改与那些已修改的服务相对应的服务 代理。
CVSS Information
N/A
Vulnerability Type
N/A