CVE-2024-10006

HIGH

Consul - Auth Bypass

Description

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header-based access rules.

Scores

CVSS v3 8.3
EPSS 0.0003
EPSS Percentile 10.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-644 CWE-116
Status published
Products (4)
hashicorp/consul 1.20.0
hashicorp/consul 1.4.1 - 1.20.1
hashicorp/consul 1.9.0 - 1.15.15
hashicorp/consul 1.9.0 - 1.20.1 (Go)
Published Oct 30, 2024
Tracked Since Feb 18, 2026