HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5. https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393 https://security.netapp.com/advisory/ntap-20220602-0005/ https://security.gentoo.org/glsa/202208-09 https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/
Created golang-github-hashicorp-consul-api tracking bugs for this issue: Affects: fedora-all [bug 2134571] Created golang-github-hashicorp-consul-sdk tracking bugs for this issue: Affects: fedora-all [bug 2134572] Created moby-engine tracking bugs for this issue: Affects: fedora-all [bug 2134573]