Bug 1660486 (CVE-2018-19653) - CVE-2018-19653 consul: Misleading Configuration Resulting in Possible Plain Text Exposure
Summary: CVE-2018-19653 consul: Misleading Configuration Resulting in Possible Plain T...
Keywords:
Status: NEW
Alias: CVE-2018-19653
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1660487
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-18 12:56 UTC by Andrej Nemec
Modified: 2019-09-29 15:04 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Andrej Nemec 2018-12-18 12:56:50 UTC
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.

Upstream issue:

https://github.com/hashicorp/consul/pull/5069

References:

https://groups.google.com/forum/#!topic/consul-tool/7TCw06oio0I

Comment 1 Andrej Nemec 2018-12-18 12:57:27 UTC
Created consul tracking bugs for this issue:

Affects: fedora-all [bug 1660487]


Note You need to log in before you can comment on or make changes to this bug.