CVE-2018-19653

Published: Dic 09, 2018 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2022-2433 Aliases: GHSA-4qvx-qq5w-695p
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,9
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
MEDIUM 4,3
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none

Description

AI Translation Available

HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0043
Percentile
0,6th
Updated

EPSS Score Trend (Last 91 Days)

Application

Consul by Hashicorp

Product Information
Vendor Hashicorp
Product Consul
Version Range Affected
From 0.5.1 (inclusive)
To 1.4.0 (inclusive)
cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/hashicorp/consul/pull/5069
Issue Tracking Patch Third Party Advisory
https://github.com/hashicorp/consul/pull/5069
https://groups.google.com/forum/#%21topic/consul-tool/7TCw0…
https://groups.google.com/forum/#%21topic/consul-tool/7TCw06oio0I
https://github.com/hashicorp/consul/pull/5069
Issue Tracking Patch Third Party Advisory
https://github.com/hashicorp/consul/pull/5069
https://groups.google.com/forum/#%21topic/consul-tool/7TCw0…
https://groups.google.com/forum/#%21topic/consul-tool/7TCw06oio0I