Improper Validation of Node and Segment Names in HashiCorp Consul JWT Claim Assertions

Improper Validation of Node and Segment Names in HashiCorp Consul JWT Claim Assertions

CVE-2021-41803 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."

Learn more about our Web Application Penetration Testing UK.