CVE-2021-28156
medium
CVSS v3
—
CVSS v2
—
VIR risk
5.5
Description
In HashiCorp Consul Enterprise versions 1.8.0 up to 1.9.4, the audit log can be bypassed by specifically crafted HTTP events. Fixed in 1.9.5 and 1.8.10.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2021-28156
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| arch | | affected | |
| debian | bullseye | fixed | 0 |