Security
Headlines

Headlines Latest CVEs

Headline

GHSA-rqjq-ww83-wv5c: Hashicorp Consul allows user with service:write permissions to patch remote proxy instances

Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.

1 year ago

Hashicorp Consul allows user with service:write permissions to patch remote proxy instances

High severity GitHub Reviewed Published Jun 3, 2023 to the GitHub Advisory Database • Updated Jun 6, 2023

Related news

CVE-2023-2816: HCSEC-2023-16 - Consul Envoy Extension Downstream Proxy Configuration By Upstream Service Owner

Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.

1 year ago

ghsa: Latest News

GHSA-x7m9-mv49-fv73: Vaultwarden vulnerable to user impersonation

2 days ago

GHSA-vprm-27pv-jp3w: Vaultwarden authenticated reflected cross-site scripting (XSS) vulnerability

2 days ago

GHSA-g5x8-v2ch-gj2g: Vaultwarden HTML injection vulnerability

2 days ago

GHSA-5xh2-23cc-5jc6: Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution

2 days ago

GHSA-675f-rq2r-jw82: JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

2 days ago