CVE-2021-32574

HIGH

HashiCorp Consul 1.3.0-1.10.0 - Improper Certificate Validation in Envoy Proxy TLS Configuration

Description

HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1.

Scores

CVSS v3 7.5
EPSS 0.0080
EPSS Percentile 74.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-295
Status published
Products (2)
hashicorp/consul 0 - 1.10.1 (Go)
hashicorp/consul 1.3.0 - 1.8.14 (2 CPE variants)
Published Jul 17, 2021
Tracked Since Feb 18, 2026