Bypassing Audit Log in HashiCorp Consul Enterprise Versions 1.8.0 to 1.9.4

Bypassing Audit Log in HashiCorp Consul Enterprise Versions 1.8.0 to 1.9.4

CVE-2021-28156 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5, and 1.8.10.

Learn more about our Web Application Penetration Testing UK.