A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.

Affected Packages

Go github.com/hashicorp/consul

Affected versions: 1.9.0 (fixed in 1.20.1)

Related CVEs

CVE-2024-10006

Key Information

GHSA ID

GHSA-5c4w-8hhh-3c3h

Published

October 31, 2024 12:30 AM

Last Modified

January 10, 2025 4:03 PM

CVSS Score

5.0 /10

Primary Ecosystem

Primary Package

github.com/hashicorp/consul

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.