Bug 2134570 (CVE-2022-29153)
| Summary: | CVE-2022-29153 consul: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Avinash Hanwate <ahanwate> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | extras-orphan, fpokorny, go-sig, gparvin, jburrell, jcantril, jchaloup, jramanat, maxwell, njean, o.lemasle, pahickey, periklis, rdey, stcannon, vkumar, zebob.m |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | consul 1.9.17, consul 1.10.10, consul 1.11.5 | Doc Type: | If docs needed, set a value |
| Doc Text: | A flaw was found in Consul and Consul Enterprise (“Consul”): HTTP health check endpoints that return an HTTP redirect can be abused as a vector for server-side request forgery (SSRF). | Story Points: | --- |
| Bug Depends On: | 2134918, 2134919, 2134922, 2134923, 2134924, 2134571, 2134572, 2134573, 2134920, 2134921, 2134925, 2138871, 2138872, 2138873, 2138874, 2138875, 2138876, 2138877, 2138878, 2138879 | ||
| Bug Blocks: | 2134568 | ||
Description
Avinash Hanwate
2022-10-13 16:22:34 UTC
Created golang-github-hashicorp-consul-api tracking bugs for this issue:
Affects: fedora-all [bug 2134571]

Created golang-github-hashicorp-consul-sdk tracking bugs for this issue:
Affects: fedora-all [bug 2134572]

Created moby-engine tracking bugs for this issue:
Affects: fedora-all [bug 2134573]