Upstream information
Description
A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| CNA (HashiCorp) | |
|---|---|
| Base Score | 8.3 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Changed |
| Confidentiality Impact | Low |
| Integrity Impact | Low |
| Availability Impact | Low |
| CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- SUSE-SU-2024:3950-1, published 2024-11-08T07:57:37Z
- openSUSE-SU-2024:0350-1, published Tue Nov 5 22:50:01 2024
- openSUSE-SU-2024:14458-1, published Tue Nov 5 18:49:12 2024
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| Container suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.2 |
| |
| openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-14458 |
SUSE Timeline for this CVE
CVE page created: Thu Oct 31 00:00:33 2024CVE page last modified: Sat Sep 6 12:10:15 2025