CVE-2021-38698
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic (in github.com/hashicorp/consul).
CVSS 3.1: 6.5 (MEDIUM), EPSS 0.35%
Description
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.
How to fix CVE-2021-38698
To remediate CVE-2021-38698, upgrade the affected package to a fixed version below.
- upgrade to 1.8.15 or later
- no fix listed
- upgrade to 1.10.2 or later
- upgrade to 1.8.15 or later
Is CVE-2021-38698 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- from 0, < 1.8.15; >= 1.9.0, < 1.9.9; >= 1.10.0, < 1.10.2
- from 0
- >= 1.10.1, < 1.10.2
- from 0, < 1.8.15; >= 1.9.0, < 1.9.9; >= 1.10.1, < 1.10.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |