A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.

Affected Packages

Go github.com/hashicorp/consul

Affected versions: 1.9.0 (fixed in 1.20.1)

Related CVEs

CVE-2024-10005

Key Information

GHSA ID

GHSA-chgm-7r52-whjj

Published

October 31, 2024 12:30 AM

Last Modified

January 10, 2025 3:31 PM

CVSS Score

7.5 /10

Primary Ecosystem

Primary Package

github.com/hashicorp/consul

GitHub Reviewed

✓ Yes

Dataset

Last updated: November 26, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.