Platform: go
Component: github.com/hashicorp/consul
Fixed in: 1.20.1
CVE-2024-10005 is a Path Traversal vulnerability discovered in HashiCorp Consul. This flaw allows attackers to potentially read sensitive files from the Consul server's file system. The vulnerability impacts versions prior to 1.20.1, and a patch has been released to address the issue. Users are strongly advised to upgrade to the fixed version.
The core impact of CVE-2024-10005 lies in its ability to enable unauthorized file access. An attacker exploiting this vulnerability could read configuration files containing sensitive information like API keys, database credentials, or internal network details. Successful exploitation could lead to data breaches, privilege escalation, and potential compromise of the entire Consul cluster. The blast radius extends to any systems or applications relying on Consul for service discovery or configuration management, as exposed data could be used to target those systems. While no direct precedent exists for this specific path traversal in Consul, similar vulnerabilities in other service discovery tools have resulted in significant data exposure and system compromise.
CVE-2024-10005 was publicly disclosed on November 4, 2024. Its EPSS score is currently pending evaluation. No public proof-of-concept exploits have been released at the time of writing, but the vulnerability's ease of exploitation suggests it could become a target for automated scanning and exploitation. The vulnerability is not currently listed on the CISA KEV catalog.
Organizations heavily reliant on HashiCorp Consul for service discovery, configuration management, and key-value storage are at significant risk. Environments with Consul agents running with elevated privileges or exposed to untrusted networks are particularly vulnerable. Shared hosting environments where multiple users share a Consul instance should also be prioritized for patching.
• linux / server:
journalctl -u consul -g 'file access'
• generic web:
curl -I http://<consul_ip>/consul/ui/ -H "X-Consul-Token: <token>" # Check for unusual file access patterns in the response headers

EPSS: 0.20% (42nd percentile)
The primary mitigation for CVE-2024-10005 is to upgrade to HashiCorp Consul version 1.20.1 or later. If an immediate upgrade is not feasible, consider implementing a Web Application Firewall (WAF) or reverse proxy to filter requests and block attempts to access files outside of the intended directories. Specifically, configure the WAF to block requests containing path traversal sequences like '../' or absolute paths. Regularly review Consul's access control policies to ensure only authorized users and services have access to sensitive data. After upgrading, verify the fix by attempting to access files outside the designated Consul data directory via HTTP requests; successful access indicates the vulnerability persists.
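One way to apply the path-based filtering described above, as an added example that is not part of this advisory or of Consul's own code: the request path is normalised (repeated percent-decoding, then collapsing of `.` and `..` segments) before it is checked against a protected prefix, so that a rule written against the raw string cannot be sidestepped. The prefix `/v1/kv/secret` and the sample paths are constructed for illustration.

```python
"""Normalise a request path before applying a path-based deny rule (added example)."""
import posixpath
from urllib.parse import unquote

# Constructed example: a KV prefix that a reverse proxy or WAF should treat as protected.
PROTECTED_PREFIXES = ("/v1/kv/secret",)


def normalize_path(raw_path: str, max_decode_rounds: int = 3) -> str:
    """Return the canonical form of a request path.

    Percent-decoding is repeated (bounded) so that double-encoded sequences
    such as %252e%252e are resolved, then posixpath.normpath collapses '.',
    '..' and duplicate slashes. The query string is ignored.
    """
    path = raw_path.split("?", 1)[0]
    for _ in range(max_decode_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    if not path.startswith("/"):
        path = "/" + path
    return posixpath.normpath(path)


def is_prefix_rule_bypass(raw_path: str, prefixes=PROTECTED_PREFIXES) -> bool:
    """True when the request should be rejected by the filter.

    A request is flagged if the raw path carries a traversal sequence, or if
    the normalised path lands under a protected prefix while the raw string
    does not, i.e. a naive prefix check on the raw path would have missed it.
    """
    lowered = raw_path.lower()
    if ".." in lowered or "%2e" in lowered:
        return True
    normalized = normalize_path(raw_path)
    for prefix in prefixes:
        if normalized.startswith(prefix) and not raw_path.startswith(prefix):
            return True
    return False


if __name__ == "__main__":
    for sample in ("/v1/kv/public/data",
                   "/v1/kv/public/../secret/db",
                   "/v1/kv/public/%252e%252e/secret/db",
                   "/v1/kv/%73ecret/db"):
        print(f"{sample!r:45} -> {normalize_path(sample)!r}, "
              f"reject={is_prefix_rule_bypass(sample)}")
```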
Upgrade Consul to a version that contains the fix for this vulnerability. Consult the HashiCorp announcement for details on the affected and fixed versions. Be sure to review and adjust L7 intentions to avoid possible bypasses of URL-path-based access rules.
CVE-2024-10005 is a vulnerability in HashiCorp Consul that allows attackers to read arbitrary files on the server. It's rated HIGH severity and affects versions before 1.20.1.
If you are running HashiCorp Consul versions prior to 1.20.1, you are potentially affected by this vulnerability. Check your Consul version and upgrade immediately.
Upgrade to HashiCorp Consul version 1.20.1 or later to address this vulnerability. Consider temporary file system permission restrictions if immediate upgrade is not possible.
As of now, there is no confirmed active exploitation of CVE-2024-10005, but public proof-of-concept exploits exist, so patching is crucial.
Refer to the official HashiCorp security advisory for detailed information and updates: https://www.hashicorp.com/security/announcements/cve-2024-10005