CVE-2024-10005 | THREATINT

Description

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.

PUBLISHED Reserved 2024-10-15 | Published 2024-10-30 | Updated 2025-01-10 | Assigner HashiCorp

HIGH: 8.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-22: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)

Product status

Default status

unaffected

1.9.0 (semver) before 1.20.1

affected

Default status

unaffected

1.9.0 (semver) before 1.20.1

affected

References

security.netapp.com/advisory/ntap-20250110-0004/

discuss.hashicorp.com/...tions-vulnerable-to-url-path-bypass

cve.org (CVE-2024-10005)

nvd.nist.gov (CVE-2024-10005)

Download JSON

help @ threatint.eu