CVE-2022-29153

Name
CVE-2022-29153
Description
HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://discuss.hashicorp.com
MISC https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:* consul >= None < 1.9.17
cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:* consul >= 1.10.0 < 1.10.10
cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:* consul >= 1.11.0 < 1.11.5

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
consul 3.15-community 1.10.9-r2 Francesco Colista <fcolista@alpinelinux.org> possibly vulnerable