Multiple SAN URI Values Bypass Vulnerability in HashiCorp Consul and Consul Enterprise

Multiple SAN URI Values Bypass Vulnerability in HashiCorp Consul and Consul Enterprise

CVE-2022-40716 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."

Learn more about our Internal Network Penetration Testing.