CVE-2018-19653
N/A
N/A
Summary
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://groups.google.com/forum/#%21topic/consul-tool/7TCw06oio0I
- https://github.com/hashicorp/consul/pull/5069
References
- https://groups.google.com/forum/#%21topic/consul-tool/7TCw06oio0I
- https://github.com/hashicorp/consul/pull/5069
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.