Consul Enterprise

1.19.3

SEMANTIC 3 CVEs

1.15.2

SEMANTIC 1 CVE

1.14.1

SEMANTIC 1 CVE

1.14.2

SEMANTIC 1 CVE

1.14.0

SEMANTIC 2 CVEs

1.14.5

SEMANTIC 1 CVE

1.13.0

SEMANTIC 1 CVE

1.15.3

SEMANTIC 1 CVE

1.18.5

SEMANTIC 3 CVEs

1.4.1

SEMANTIC 1 CVE

1.15.15

SEMANTIC 3 CVEs

1.13.3

SEMANTIC 1 CVE

1.13.2

SEMANTIC 1 CVE

1.15.1

SEMANTIC 1 CVE

1.14.4

SEMANTIC 1 CVE

1.16.0

SEMANTIC 1 CVE

1.14.3

SEMANTIC 1 CVE

1.9.0

SEMANTIC 2 CVEs

1.13.1

SEMANTIC 1 CVE

1.15.0

SEMANTIC 2 CVEs

CVE-2024-10086

A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.

MEDIUM Oct 30, 2024

CVE-2024-10006

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.

HIGH Oct 30, 2024

CVE-2024-10005

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.

HIGH Oct 30, 2024

CVE-2023-3518

HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.

HIGH Aug 09, 2023