Platform
go
Component
github.com/hashicorp/consul
Fixed in
1.20.1
CVE-2024-10005 is an access-control bypass in HashiCorp Consul's service mesh: L7 traffic intentions that allow or deny requests based on the HTTP URL path could be bypassed by writing the path in an unnormalized form. Although this record is classified as Path Traversal, the flaw does not let an attacker read files from the Consul server; the "path" involved is the HTTP request path, and the consequence is that a request reaches an upstream route that an intention was meant to block. The vulnerability affects Consul Community Edition releases prior to 1.20.1, which contains the fix; Consul Enterprise users on older maintained release lines should consult the HashiCorp advisory for the corresponding patched versions. Users are strongly advised to upgrade.
Consul enforces L7 intentions in the Envoy sidecar proxies it configures. A path-based rule such as "deny requests whose path starts with /admin" was evaluated against the request path as it arrived on the wire. A client that is already permitted to reach the service at the connection level could spell the same path in a form the rule did not match (for example with dot segments, repeated slashes, or percent-encoded characters) while the upstream service still resolved it to the protected route. Successful exploitation therefore lets such a client reach routes that path-based intentions were meant to deny; the impact depends on what those routes expose, for instance administrative or internal endpoints of the upstream service. The flaw does not provide remote code execution on the Consul agent and does not expose Consul's own data; its blast radius is exactly the set of authorization decisions that were delegated to path-based L7 intentions. Service-level (L4) intentions contain no path matching and are not affected, and routes that the upstream service also protects with its own authorization remain protected.
CVE-2024-10005 was publicly disclosed on November 4, 2024. There is currently no indication of active exploitation in the wild. The vulnerability is not listed on the CISA KEV catalog as of this writing. Public proof-of-concept exploits are available, indicating a moderate risk of exploitation if the vulnerability remains unpatched.
Exploit Status
EPSS
0.20% (42nd percentile)
The primary mitigation for CVE-2024-10005 is to upgrade the Consul agents that configure your sidecar proxies to version 1.20.1 or later (or the patched Enterprise release for your release line), so that the proxies receive the corrected listener configuration. If an immediate upgrade is not feasible, do not rely on path-based L7 intentions as the only control for sensitive routes: enforce authorization for those routes inside the upstream service as well, and prefer denying the whole service at L4 where path granularity is not essential. Restrict network access so that only mesh peers can reach the sidecars' inbound listeners. Monitor sidecar and upstream access logs for request paths containing dot segments, repeated slashes, or percent-encoded characters aimed at routes that intentions deny. After upgrading, confirm the fix by sending a request that an intention denies, then the same request with its path rewritten in an unnormalized form, and verifying that both are rejected.
Upgrade Consul to a version that contains the fix for this vulnerability. See the HashiCorp announcement for details on affected and fixed versions. Be sure to review and adjust your L7 intentions to prevent possible bypasses of access rules based on the URL path.
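The bypass described above and the post-upgrade check, as an added example that is not Consul's or Envoy's code: a constructed model of a path-prefix intention evaluated naively against the raw request path, beside the same rule evaluated after the path has been normalized, plus a small list of probe spellings of a protected path that can be sent through a sidecar after upgrading. The rule type, the normalization steps (percent-decoding, collapsing slashes, resolving dot segments) and the sample paths are assumptions chosen for illustration; the real fix lives in the proxy configuration Consul generates for Envoy.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"strings"
)

// PathRule is a constructed model of a path-prefix rule as an L7 intention
// might express it ("requests whose path starts with /admin are denied").
// It is not Consul's intention type.
type PathRule struct {
	Prefix string
	Action string // "allow" or "deny"
}

// NaiveDecision evaluates rules against the request path exactly as received.
// This is the bug class behind CVE-2024-10005: the rule sees "/%61dmin" or
// "//admin" while the upstream router sees "/admin".
func NaiveDecision(rules []PathRule, rawPath, defaultAction string) string {
	for _, r := range rules {
		if strings.HasPrefix(rawPath, r.Prefix) {
			return r.Action
		}
	}
	return defaultAction
}

// NormalizePath reduces a raw request path to the form a typical upstream
// router would see: percent-decoding, collapsing repeated slashes and
// resolving "." and ".." segments. An undecodable path is reported as an
// error so the caller can fail closed.
func NormalizePath(rawPath string) (string, error) {
	decoded, err := url.PathUnescape(rawPath)
	if err != nil {
		return "", err
	}
	// path.Clean collapses "//", drops "." and resolves "..". The leading
	// slash pins the result to an absolute path even if the input lacked one.
	return path.Clean("/" + decoded), nil
}

// HardenedDecision evaluates the same rules against the normalized path:
// match on what the upstream will actually route, not on the wire bytes.
// A path that cannot be normalized is denied rather than passed through.
func HardenedDecision(rules []PathRule, rawPath, defaultAction string) string {
	norm, err := NormalizePath(rawPath)
	if err != nil {
		return "deny"
	}
	return NaiveDecision(rules, norm, defaultAction)
}

// BypassProbes returns unnormalized spellings of a protected path that a
// practitioner can send through a sidecar after upgrading to check that each
// is still denied. The variants are constructed for this example and are not
// an exhaustive list.
func BypassProbes(protected string) []string {
	trimmed := strings.TrimPrefix(protected, "/")
	if trimmed == "" {
		return []string{protected}
	}
	return []string{
		protected,
		"/" + protected,          // repeated leading slash
		"/." + protected,         // single dot segment
		"/public/.." + protected, // dot-dot segment
		fmt.Sprintf("/%%%02X%s", trimmed[0], trimmed[1:]), // percent-encoded first byte
	}
}

func main() {
	rules := []PathRule{{Prefix: "/admin", Action: "deny"}}
	for _, p := range BypassProbes("/admin/users") {
		fmt.Printf("%-24s naive=%-5s hardened=%s\n", p,
			NaiveDecision(rules, p, "allow"), HardenedDecision(rules, p, "allow"))
	}
}
```

Running the block shows the naive evaluator allowing every spelling except the canonical one, while the hardened evaluator denies all of them. For the real check, send each probe with curl through a sidecar to a route that an intention denies; every variant should receive the intention's deny response. Whether a given proxy decodes percent-encoded unreserved characters is implementation-specific, so compare the probe results against how your own upstream routes the decoded path.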
CVE-2024-10005 is a vulnerability in HashiCorp Consul that allows L7 traffic intentions based on the HTTP URL path to be bypassed by sending the path in an unnormalized form. It is rated HIGH severity and affects versions before 1.20.1.
If you are running HashiCorp Consul versions prior to 1.20.1, you are potentially affected by this vulnerability. Check your Consul version and upgrade immediately.
Upgrade to HashiCorp Consul version 1.20.1 or later to address this vulnerability. If an immediate upgrade is not possible, enforce authorization for sensitive routes inside the upstream services themselves rather than relying on path-based intentions alone, and watch sidecar access logs for unnormalized request paths.
As of now, there is no confirmed active exploitation of CVE-2024-10005, but public proof-of-concept exploits exist, so patching is crucial.
Refer to the official HashiCorp security advisory for detailed information and updates: https://www.hashicorp.com/security/announcements/cve-2024-10005