CVE-2024-10086 | THREATINT

Description

A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.

PUBLISHED Reserved 2024-10-17 | Published 2024-10-30 | Updated 2025-01-10 | Assigner HashiCorp

MEDIUM: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation

Product status

Default status

unaffected

1.4.1 (semver) before 1.20.0

affected

Default status

unaffected

1.4.1 (semver) before 1.20.0

affected

References

security.netapp.com/advisory/ntap-20250110-0006/

discuss.hashicorp.com/...-on-content-type-error-manipulation

cve.org (CVE-2024-10086)

nvd.nist.gov (CVE-2024-10086)

Download JSON

help @ threatint.eu