What is the severity of CVE-2024-10006?

CVE-2024-10006 is classified as a medium severity vulnerability.

How do I fix CVE-2024-10006?

To fix CVE-2024-10006, upgrade Consul and Consul Enterprise to a version that is not affected.

What versions are affected by CVE-2024-10006?

CVE-2024-10006 affects Consul versions from 1.4.1 to 1.20.1.

What is the impact of CVE-2024-10006?

CVE-2024-10006 allows for HTTP header-based access rules to be bypassed, potentially compromising security.

Is CVE-2024-10006 specific to any deployment of Consul?

Yes, CVE-2024-10006 impacts both the community and enterprise versions of Consul.

Vulnerability/
CVE-2024-10006

high

8.3

CWE

644 116

30/10/2024

31/10/2024

10/1/2025

CVE-2024-10006: Consul L7 Intentions Vulnerable To Headers Bypass

First published: Wed Oct 30 2024(Updated: )

A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.

Credit: security@hashicorp.com security@hashicorp.com

Affected Software	Affected Version	How to fix
go/github.com/hashicorp/consul	>=1.9.0<1.20.1	1.20.1
HashiCorp Consul	>=1.4.1<1.20.1
HashiCorp Consul	>=1.9.0<1.15.15
HashiCorp Consul	>=1.18.0<1.18.5
HashiCorp Consul	>=1.19.0<1.19.3
HashiCorp Consul	=1.20.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-10006?
CVE-2024-10006 is classified as a medium severity vulnerability.
How do I fix CVE-2024-10006?
To fix CVE-2024-10006, upgrade Consul and Consul Enterprise to a version that is not affected.
What versions are affected by CVE-2024-10006?
CVE-2024-10006 affects Consul versions from 1.4.1 to 1.20.1.
What is the impact of CVE-2024-10006?
CVE-2024-10006 allows for HTTP header-based access rules to be bypassed, potentially compromising security.
Is CVE-2024-10006 specific to any deployment of Consul?
Yes, CVE-2024-10006 impacts both the community and enterprise versions of Consul.

agent/title
agent/type
agent/first-publish-date
agent/description
agent/author
agent/weakness
agent/severity
agent/softwarecombine
agent/event
collector/github-advisory
source/GitHub
alias/GHSA-5c4w-8hhh-3c3h
alias/CVE-2024-10006
agent/software-canonical-lookup
agent/trending
collector/mitre-cve
source/MITRE
collector/github-advisory-latest
agent/last-modified-date
collector/nvd-cve
source/NVD
agent/references
agent/tags
collector/nvd-api
agent/source
package-manager/go
vendor/hashicorp
canonical/hashicorp consul
version/hashicorp consul/1.4.1
version/hashicorp consul/1.9.0
version/hashicorp consul/1.18.0
version/hashicorp consul/1.19.0
version/hashicorp consul/1.20.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.