git: db35d73b130f - main - security/vuxml: document sysutils/consul vulnerability
Brad Davis
brd at FreeBSD.org
Sat Sep 11 00:31:29 UTC 2021
The branch main has been updated by brd (doc, src committer):
URL: https://cgit.FreeBSD.org/ports/commit/?id=db35d73b130f9c0897e8ecbe2177644a2dad82e3
commit db35d73b130f9c0897e8ecbe2177644a2dad82e3
Author: Brad Davis <brd at FreeBSD.org>
AuthorDate: 2021-09-11 00:29:00 +0000
Commit: Brad Davis <brd at FreeBSD.org>
CommitDate: 2021-09-11 00:30:50 +0000
security/vuxml: document sysutils/consul vulnerability
---
security/vuxml/vuln-2021.xml | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml
index 138d6323e12d..9a64c8545606 100644
--- a/security/vuxml/vuln-2021.xml
+++ b/security/vuxml/vuln-2021.xml
@@ -1,3 +1,33 @@
+ <vuln vid="376df2f1-1295-11ec-859e-000c292ee6b8">
+ <topic>consul -- rpc: authorize raft requests</topic>
+ <affects>
+ <package>
+ <name>consul</name>
+ <range><lt>1.10.2</lt></range>
+ <range><lt>1.9.9</lt></range>
+ <range><lt>1.8.15</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Hashicorp reports:</p>
+ <blockquote cite="https://github.com/hashicorp/consul/releases/tag/v1.9.9">
+ <p>HashiCorp Consul Raft RPC layer allows non-server agents with a
+ valid certificate signed by the same CA to access server-only
+ functionality, enabling privilege escalation.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2021-37219</cvename>
+ <url>https://github.com/hashicorp/consul/releases/tag/v1.9.9</url>
+ </references>
+ <dates>
+ <discovery>2021-08-27</discovery>
+ <entry>2021-09-11</entry>
+ </dates>
+ </vuln>
+
<vuln vid="4ea1082a-1259-11ec-b4fa-dd5a552bdd17">
<topic>go -- archive/zip: overflow in preallocation check can cause OOM panic</topic>
<affects>
More information about the dev-commits-ports-all
mailing list