Server Side Request Forgery in HashiCorp Consul and Consul Enterprise

Server Side Request Forgery in HashiCorp Consul and Consul Enterprise

CVE-2022-29153 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.

Learn more about our Cis Benchmark Audit For Server Software.