Consul L7 Intentions Header Bypass
CVE-2024-10006 Published on October 30, 2024
Consul L7 Intentions Vulnerable To Headers Bypass
A vulnerability was identified in Consul and Consul Enterprise (Consul) such that using Headers in L7 traffic intentions could bypass HTTP header-based access rules.
Weakness Type
Improper Neutralization of HTTP Headers for Scripting Syntax
The application does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.
Products Associated with CVE-2024-10006
Affected Versions
HashiCorp Consul:
- Versions from 1.9.0 up to, but not including, 1.20.1 are affected.
- Version 1.19.3 is unaffected.
- Version 1.18.5 is unaffected.
- Version 1.15.15 is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.