CVE-2024-10006 HIGH

CVE-2024-10006: Consul L7 Intentions Vulnerable To Headers Bypass

Vendor HashiCorp
Product Consul
Weakness CWE-644
Published October 30, 2024
Last update January 10, 2025

CVSS base score

8.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01 Description

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header-based access rules.

Key dates

02 Disclosure timeline

October 30, 2024 CVE published
January 10, 2025 Record updated