What is the severity of CVE-2024-10005?

CVE-2024-10005 is a high-severity vulnerability as it allows for bypassing access rules based on HTTP request paths.

How do I fix CVE-2024-10005?

To fix CVE-2024-10005, update your Consul or Consul Enterprise installation to a version that addresses this vulnerability.

Which versions of Consul are affected by CVE-2024-10005?

CVE-2024-10005 affects multiple versions of Consul, specifically versions between 1.4.1 and 1.20.1.

What types of access rules are bypassed by CVE-2024-10005?

CVE-2024-10005 allows unauthorized access by bypassing HTTP request path-based access rules implemented in L7 traffic intentions.

Is CVE-2024-10005 a critical vulnerability in web applications?

Yes, CVE-2024-10005 is considered critical due to its potential impact on security in web application access control.

Vulnerability/
CVE-2024-10005

high

8.1

CWE

30/10/2024

31/10/2024

10/1/2025

CVE-2024-10005: Consul L7 Intentions Vulnerable To URL Path Bypass

First published: Wed Oct 30 2024(Updated: )

A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.

Credit: security@hashicorp.com security@hashicorp.com

Affected Software	Affected Version	How to fix
go/github.com/hashicorp/consul	>=1.9.0<1.20.1	1.20.1
HashiCorp Consul	>=1.4.1<1.20.1
HashiCorp Consul	>=1.9.0<1.15.15
HashiCorp Consul	>=1.18.0<1.18.5
HashiCorp Consul	>=1.19.0<1.19.3
HashiCorp Consul	=1.20.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-10005?
CVE-2024-10005 is a high-severity vulnerability as it allows for bypassing access rules based on HTTP request paths.
How do I fix CVE-2024-10005?
To fix CVE-2024-10005, update your Consul or Consul Enterprise installation to a version that addresses this vulnerability.
Which versions of Consul are affected by CVE-2024-10005?
CVE-2024-10005 affects multiple versions of Consul, specifically versions between 1.4.1 and 1.20.1.
What types of access rules are bypassed by CVE-2024-10005?
CVE-2024-10005 allows unauthorized access by bypassing HTTP request path-based access rules implemented in L7 traffic intentions.
Is CVE-2024-10005 a critical vulnerability in web applications?
Yes, CVE-2024-10005 is considered critical due to its potential impact on security in web application access control.

agent/weakness
agent/title
agent/type
agent/first-publish-date
agent/description
agent/author
agent/severity
agent/softwarecombine
collector/github-advisory
source/GitHub
alias/GHSA-chgm-7r52-whjj
alias/CVE-2024-10005
agent/software-canonical-lookup
agent/trending
collector/mitre-cve
source/MITRE
collector/github-advisory-latest
agent/last-modified-date
collector/nvd-cve
source/NVD
agent/references
agent/event
agent/tags
collector/nvd-api
agent/source
package-manager/go
vendor/hashicorp
canonical/hashicorp consul
version/hashicorp consul/1.4.1
version/hashicorp consul/1.9.0
version/hashicorp consul/1.18.0
version/hashicorp consul/1.19.0
version/hashicorp consul/1.20.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.