Multiple vulnerabilities in HashiCorp Consul and Consul Enterprise
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2024-10005 CVE-2024-10006 |
| CWE-ID | CWE-22 CWE-644 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Consul Server applications / Other server solutions Consul Enterprise Server applications / Other server solutions |
| Vendor | HashiCorp |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Path traversal
EUVDB-ID: #VU99582
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-10005
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote user can send a specially crafted HTTP request and read arbitrary files on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsConsul: 1.9.0 - 1.20.0
Consul Enterprise: 1.9.0 - 1.20.0
CPE2.3- cpe:2.3:a:hashicorp:consul:1.9.17:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.19.2:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul:1.20.0:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul_enterprise:1.9.17:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul_enterprise:1.19.2:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:consul_enterprise:1.20.0:*:*:*:*:*:*:*
https://discuss.hashicorp.com/t/hcsec-2024-22-consul-l7-intentions-vulnerable-to-url-path-bypass
https://github.com/advisories/GHSA-chgm-7r52-whjj
https://github.com/hashicorp/consul/releases/tag/v1.20.1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Neutralization of HTTP Headers for Scripting Syntax
EUVDB-ID: #VU99581
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-10006
CWE-ID:
CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to improper input validation when processing HTTP requests. A remote non-authenticated attacker can send a specially crafted HTTP request with an arbitrary Host header that will be accepted by the application.
Successful exploitation of the vulnerability may allow an attacker to perform cross-site scripting, cache poisoning or session hijacking attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsConsul: 1.9.0 - 1.20.0
Consul Enterprise: 1.9.0 - 1.20.0
CPE2.3https://discuss.hashicorp.com/t/hcsec-2024-23-consul-l7-intentions-vulnerable-to-headers-bypass
https://github.com/advisories/GHSA-5c4w-8hhh-3c3h
https://github.com/hashicorp/consul/releases/tag/v1.20.1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
