AIKIDO-2024-10408
github.com/hashicorp/consul is vulnerable to Path Traversal
83
High
github.com/hashicorp/consul go
AIKIDO-2024-10408: github.com/hashicorp/consul is vulnerable to Path Traversal in versions 0.1.0 - 1.20.0.
Path Traversal
Vuln in 0.1.0 - 1.20.0
Fixed in 1.20.1
CVE-2024-10005
TL;DR
Affected versions of the package are vulnerable to path traversal. Using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.
Who does this affect?
You're affected if you are using a version which is within vulnerability ranges.
How can it be fixed?
Upgrade github.com/hashicorp/consul library to patch version.
Background info
Don’t be left in the dark
With in-house intel and access to top vulnerability databases, see it all with Aikido.
© 2024 Aikido Security BV | BE0792914919
🇪🇺 Grauwpoort 1, 9000 Ghent, Belgium
🇺🇸 95 Third St, 2nd Fl, San Francisco, CA 94103, US