Platform: go
Component: github.com/hashicorp/consul
Fixed in: 1.20.1
CVE-2024-10005 is a Path Traversal vulnerability discovered in HashiCorp Consul. This flaw allows attackers to potentially read sensitive files from the Consul server's file system. The vulnerability impacts versions prior to 1.20.1, and a patch has been released to address the issue. Users are strongly advised to upgrade to the fixed version.
The Path Traversal vulnerability in Consul allows an attacker to bypass intended access restrictions and read arbitrary files on the server hosting the Consul agent. This could expose sensitive configuration data, API keys, or other critical information. Successful exploitation could lead to unauthorized access to the Consul cluster and potentially compromise other services relying on Consul for service discovery and configuration management. The impact is amplified if Consul is used to store secrets or sensitive data, as these could be directly exposed. While direct remote code execution is not possible, the data obtained could be used to further compromise the system or network.
CVE-2024-10005 was publicly disclosed on November 4, 2024. There is currently no indication of active exploitation in the wild. The vulnerability is not listed on the CISA KEV catalog as of this writing. Public proof-of-concept exploits are available, indicating a moderate risk of exploitation if the vulnerability remains unpatched.
Organizations heavily reliant on HashiCorp Consul for service discovery, configuration management, and key-value storage are at significant risk. Environments with Consul agents running with elevated privileges or exposed to untrusted networks are particularly vulnerable. Shared hosting environments where multiple users share a Consul instance should also be prioritized for patching.
• linux / server:
journalctl -u consul -g 'file access'
• generic web:
curl -I http://<consul_ip>/consul/ui/ -H "X-Consul-Token: <token>" # Check for unusual file access patterns in the response headers
Exploit status:
EPSS: 0.20% (42nd percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2024-10005 is to upgrade to HashiCorp Consul version 1.20.1 or later. If an immediate upgrade is not feasible, consider implementing stricter file system permissions on the Consul agent's data directory to limit the potential impact of a successful attack. Review and restrict network access to the Consul agent, limiting access to only authorized clients. Monitor Consul agent logs for suspicious file access attempts. After upgrade, confirm by attempting to access a restricted file via the vulnerable endpoint and verifying that access is denied.
Upgrade Consul to a version that contains the fix for this vulnerability. See the HashiCorp announcement for details on the affected and fixed versions. Be sure to review and adjust your L7 intentions to prevent possible bypasses of access rules based on the URL path.
CVE-2024-10005 is a vulnerability in HashiCorp Consul that allows attackers to read arbitrary files on the server. It's rated HIGH severity and affects versions before 1.20.1.
If you are running HashiCorp Consul versions prior to 1.20.1, you are potentially affected by this vulnerability. Check your Consul version and upgrade immediately.
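The version check described above can be automated against a project's dependency file. The following Go program is an added example, not code from this page or from HashiCorp: it scans a go.mod (a constructed sample is embedded inline) for the exact `github.com/hashicorp/consul` module, ignores sub-modules such as `consul/api`, and compares the pinned version against the 1.20.1 fix release using a small semver comparison that treats pre-releases of 1.20.1 as still affected. Function names and the sample go.mod are assumptions of this example.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Module path and fixed version as stated in the advisory above.
const (
	affectedModule = "github.com/hashicorp/consul"
	fixedVersion   = "1.20.1"
)

// sampleGoMod is a constructed go.mod fragment used only to demonstrate the check.
const sampleGoMod = `module example.com/myservice

go 1.22

require (
	github.com/hashicorp/consul v1.19.2
	github.com/hashicorp/consul/api v1.29.4 // indirect
	golang.org/x/net v0.28.0
)
`

// parseVersion turns "v1.20.1" or "1.20.1-rc1" into its numeric components and
// reports whether a pre-release suffix was present. Build metadata is ignored.
func parseVersion(v string) ([3]int, bool, error) {
	v = strings.TrimPrefix(v, "v")
	pre := false
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		pre = v[i] == '-'
		v = v[:i]
	}
	var out [3]int
	for i, p := range strings.Split(v, ".") {
		if i >= 3 {
			break
		}
		n, err := strconv.Atoi(p)
		if err != nil {
			return out, false, fmt.Errorf("bad version %q", v)
		}
		out[i] = n
	}
	return out, pre, nil
}

// compareVersions returns -1, 0 or 1 as a is older than, equal to, or newer than b.
// A pre-release (e.g. 1.20.1-rc1) sorts before the final release with the same numbers.
func compareVersions(a, b string) (int, error) {
	av, apre, err := parseVersion(a)
	if err != nil {
		return 0, err
	}
	bv, bpre, err := parseVersion(b)
	if err != nil {
		return 0, err
	}
	for i := 0; i < 3; i++ {
		if av[i] < bv[i] {
			return -1, nil
		}
		if av[i] > bv[i] {
			return 1, nil
		}
	}
	switch {
	case apre && !bpre:
		return -1, nil
	case !apre && bpre:
		return 1, nil
	}
	return 0, nil
}

// FindConsulRequire scans go.mod text for the exact consul module (not
// sub-modules such as consul/api) and returns the required version.
func FindConsulRequire(goMod string) (string, bool) {
	sc := bufio.NewScanner(strings.NewReader(goMod))
	inBlock := false
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if i := strings.Index(line, "//"); i >= 0 { // drop trailing comments such as "// indirect"
			line = strings.TrimSpace(line[:i])
		}
		switch {
		case line == "require (":
			inBlock = true
			continue
		case line == ")":
			inBlock = false
			continue
		case strings.HasPrefix(line, "require "): // single-line require directive
			line = strings.TrimSpace(strings.TrimPrefix(line, "require "))
		case !inBlock:
			continue
		}
		fields := strings.Fields(line)
		if len(fields) == 2 && fields[0] == affectedModule {
			return fields[1], true
		}
	}
	return "", false
}

// IsAffected reports whether the go.mod pins a Consul version below the fixed release,
// together with the version it found (empty when the module is not required at all).
func IsAffected(goMod string) (bool, string, error) {
	ver, ok := FindConsulRequire(goMod)
	if !ok {
		return false, "", nil
	}
	c, err := compareVersions(ver, fixedVersion)
	if err != nil {
		return false, ver, err
	}
	return c < 0, ver, nil
}

func main() {
	affected, ver, err := IsAffected(sampleGoMod)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("consul %s required, below fixed %s: %v\n", ver, fixedVersion, affected)
}
```

Run it against a real go.mod by replacing sampleGoMod with the file's contents; a result of true means the build pins a Consul release older than 1.20.1 and should be upgraded.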
Upgrade to HashiCorp Consul version 1.20.1 or later to address this vulnerability. Consider temporary file system permission restrictions if immediate upgrade is not possible.
As of now, there is no confirmed active exploitation of CVE-2024-10005, but public proof-of-concept exploits exist, so patching is crucial.
Refer to the official HashiCorp security advisory for detailed information and updates: https://www.hashicorp.com/security/announcements/cve-2024-10005