CVE-2018-19653
First published: Sun Dec 09 2018(Updated: )
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HashiCorp Consul | >=0.5.1<=1.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this HashiCorp Consul vulnerability?
The vulnerability ID for this HashiCorp Consul vulnerability is CVE-2018-19653.
What is the severity of CVE-2018-19653?
The severity of CVE-2018-19653 is medium with a severity value of 5.9.
What is affected by CVE-2018-19653?
HashiCorp Consul versions 0.5.1 through 1.4.0 are affected by CVE-2018-19653.
What is the issue with HashiCorp Consul 0.5.1 through 1.4.0?
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented.
How can CVE-2018-19653 be mitigated?
CVE-2018-19653 can be mitigated by following the reconfiguration steps provided by the vendor that do not require a software upgrade.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/type
- agent/event
- agent/severity
- agent/author
- agent/description
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/hashicorp
- canonical/hashicorp consul
- version/hashicorp consul/0.5.1
- version/hashicorp consul/1.4.0