Description: HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 991719

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| consul (PTS) | buster | 1.0.7~dfsg1-5 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| consul | source | buster | (not affected) | | | |


[bullseye] - consul <no-dsa> (Minor issue)
[buster] - consul <not-affected> (Only affects 1.3.0 and later)
