CVE-2021-36213 is a vulnerability in HashiCorp Consul
Published on July 17, 2021
HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1.
Products Associated with CVE-2021-36213
Want to know whenever a new CVE is published for HashiCorp Consul? stack.watch will email you.
Exploit Probability
EPSS
0.77%
Percentile
73.22%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.