FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

consul -- rpc: authorize raft requests

Affected packages
consul < 1.10.2
consul < 1.9.9
consul < 1.8.15


VuXML ID 376df2f1-1295-11ec-859e-000c292ee6b8
Discovery 2021-08-27
Entry 2021-09-11

Hashicorp reports:

HashiCorp Consul Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation.


CVE Name CVE-2021-37219