Bypassing Audit Log in HashiCorp Consul Enterprise Versions 1.8.0 to 1.9.4
CVE-2021-28156 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10.
Learn more about our Web Application Penetration Testing UK.