CVE-2021-38698
MEDIUMHashiCorp Consul < 1.8.15, 1.10.1 - Missing Authorization in Txn.Apply Endpoint
Title source: llmDescription
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.
References (3)
Core 3
Core References
Product, Vendor Advisory x_refsource_misc
https://www.hashicorp.com/blog/category/consul
Vendor Advisory x_refsource_misc
https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202208-09
Scores
CVSS v3
6.5
EPSS
0.0056
EPSS Percentile
68.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-862
Status
published
Products (2)
hashicorp/consul
< 1.8.15 (2 CPE variants)
hashicorp/consul
1.10.1 - 1.10.2Go
Published
Sep 07, 2021
Tracked Since
Feb 18, 2026