Vulnerability: Insecure Destination Service Identity Validation in HashiCorp Consul and Consul Enterprise

Vulnerability: Insecure Destination Service Identity Validation in HashiCorp Consul and Consul Enterprise

CVE-2021-32574 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1.

Learn more about our Web Application Penetration Testing UK.