CVE-2021-36213

Summary

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default deny policy with a single L7 application-aware intention deny action cancels out, causing the intention to incorrectly fail open, allowing L4 traffic. Fixed in 1.9.8 and 1.10.1.

Affected Software

VendorProductVersion RangeStatus
n/an/an/aaffected

Weaknesses

  • n/a

ADP Enrichment

CVE Program Container

Additional References

References