consul

Oct 14, 2024 GO-2024-3241 +1 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Sep 20, 2024 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Aug 27, 2024 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jul 11, 2024 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jun 12, 2024 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

May 16, 2024 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Mar 26, 2024 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Feb 26, 2024 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Feb 6, 2024 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Mar 26, 2024 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Feb 13, 2024 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jan 22, 2024 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Dec 12, 2023 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Nov 3, 2023 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Oct 6, 2023 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Mar 26, 2024 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Feb 13, 2024 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jan 18, 2024 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Dec 12, 2023 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Oct 31, 2023 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Sep 19, 2023 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Aug 5, 2023 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jun 26, 2023 GO-2024-2704 +3 more

  GO-2024-2704: Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

+ const MaximumManualVIPsPerService

type Config

+ Locality *structs.Locality

type Deps

+ Experiments []string

type Internal

+ func (m *Internal) AssignManualServiceVIPs(args *structs.AssignServiceManualVIPsRequest, ...) error

type Server

+ func (s *Server) IsServer(addr string) bool

Jun 10, 2023 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Mar 26, 2024 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Feb 13, 2024 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jan 22, 2024 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Dec 12, 2023 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Oct 31, 2023 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Sep 19, 2023 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Aug 5, 2023 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jun 23, 2023 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jun 1, 2023 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

+ const ServerMetadataFile

+ func OpenServerMetadata(filename string) (io.WriteCloser, error)

+ func WriteServerMetadata(w io.Writer) error

type Config

+ ServerRejoinAgeMax time.Duration

+ type ServerMetadata struct

+ LastSeenUnix int64

+ func ReadServerMetadata(filename string) (*ServerMetadata, error)

+ func (md *ServerMetadata) IsLastSeenStale(d time.Duration) bool

+ type ServerMetadataReadFunc func(filename string) (*ServerMetadata, error)

Mar 30, 2023 GO-2023-1827 +4 more

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1828: Hashicorp Consul allows user with service:write permissions to patch remote proxy instances in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Mar 7, 2023 GO-2023-1827 +4 more

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1828: Hashicorp Consul allows user with service:write permissions to patch remote proxy instances in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Feb 24, 2023 GO-2023-1827 +4 more

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1828: Hashicorp Consul allows user with service:write permissions to patch remote proxy instances in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

+ const LogStoreBackendBoltDB

+ const LogStoreBackendWAL

+ func ConfiguredIncomingRPCLimiter(ctx context.Context, serverLogger hclog.InterceptLogger, consulCfg *Config) *rpcRate.Handler

+ func ContextWithRemoteAddr(ctx context.Context, addr net.Addr) context.Context

+ func RemoteAddrFromContext(ctx context.Context) (net.Addr, bool)

type Config

+ LogStoreConfig RaftLogStoreConfig

+ RequestLimitsMode string

+ RequestLimitsReadRate rate.Limit

+ RequestLimitsWriteRate rate.Limit

+ type FSMDataStore struct

+ func NewFSMDataStore(server *Server, fsm *fsm.FSM) *FSMDataStore

+ func (f *FSMDataStore) Delete(entry structs.ConfigEntry) error

+ func (f *FSMDataStore) GetConfigEntriesByKind(kind string) ([]structs.ConfigEntry, error)

+ func (f *FSMDataStore) GetConfigEntry(kind string, name string, meta *acl.EnterpriseMeta) (structs.ConfigEntry, error)

+ func (f *FSMDataStore) Update(entry structs.ConfigEntry) error

+ func (f *FSMDataStore) UpdateStatus(entry structs.ControlledConfigEntry, err error) error

type Operator

+ func (op *Operator) Usage(args *structs.OperatorUsageRequest, reply *structs.Usage) error

+ type OperatorBackend struct

+ func NewOperatorBackend(srv *Server) *OperatorBackend

+ func (op *OperatorBackend) ResolveTokenAndDefaultMeta(token string, entMeta *acl.EnterpriseMeta, authzCtx *acl.AuthorizerContext) (resolver.Result, error)

+ func (op *OperatorBackend) TransferLeader(_ context.Context, request *pboperator.TransferLeaderRequest) (*pboperator.TransferLeaderResponse, error)

+ type RaftLogStoreConfig struct

+ Backend string

+ BoltDB RaftBoltDBConfig

+ DisableLogCache bool

+ Verification RaftLogStoreVerificationConfig

+ WAL WALConfig

+ type RaftLogStoreVerificationConfig struct

+ Enabled bool

+ Interval time.Duration

type ReloadableConfig

+ RequestLimits *RequestLimits

+ type RequestLimits struct

+ Mode consulrate.Mode

+ ReadRate rate.Limit

+ WriteRate rate.Limit

type Server

+ func (s *Server) InsertAnonymousToken() error

+ type WALConfig struct

+ SegmentSize int

Oct 31, 2023 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Sep 19, 2023 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

+ var SegmentCESummaries = []prometheus.SummaryDefinition

Aug 5, 2023 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jun 23, 2023 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

type Server

+ func (s *Server) ConsistentRead() error

+ func (s *Server) DecrementBlockingQueries() uint64

+ func (s *Server) GetShutdownChannel() chan struct{}

+ func (s *Server) GetState() *state.Store

+ func (s *Server) IncrementBlockingQueries() uint64

+ func (s *Server) RPCQueryTimeout(queryTimeout time.Duration) time.Duration

+ func (s *Server) SetQueryMeta(m blockingquery.ResponseMeta, token string)

May 16, 2023 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

+ type CloudConfig struct

+ ManagementToken string

type Config

+ Cloud CloudConfig

Mar 29, 2023 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Mar 7, 2023 GO-2024-3241 +2 more

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jan 26, 2023 GO-2023-1639 +4 more

  GO-2023-1639: Consul Server Panic when Ingress and API Gateways Configured with Peering Connections in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Dec 13, 2022 GO-2023-1639 +4 more

  GO-2023-1639: Consul Server Panic when Ingress and API Gateways Configured with Peering Connections in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Nov 30, 2022 GO-2023-1639 +4 more

  GO-2023-1639: Consul Server Panic when Ingress and API Gateways Configured with Peering Connections in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Nov 21, 2022 GO-2023-1639 +4 more

  GO-2023-1639: Consul Server Panic when Ingress and API Gateways Configured with Peering Connections in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Nov 15, 2022 GO-2023-1639 +4 more

  GO-2023-1639: Consul Server Panic when Ingress and API Gateways Configured with Peering Connections in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

type ACLResolverBackend

+ IsServerManagementToken func(token string) bool

type Config

+ GRPCTLSPort int

type Deps

+ HCP hcp.Deps

+ XDSStreamLimiter *limiter.SessionLimiter

type PeeringBackend

+ func (b *PeeringBackend) GetDialAddresses(logger hclog.Logger, ws memdb.WatchSet, peerID string) (*ring.Ring, *ring.Ring, error)

+ func (b *PeeringBackend) GetLocalServerAddresses() ([]string, error)

+ func (b *PeeringBackend) GetTLSMaterials(generatingToken bool) (string, []string, error)

+ func (b *PeeringBackend) PeerThroughMeshGateways(ws memdb.WatchSet) (bool, error)

Sep 29, 2022 GO-2022-1121 +4 more

  GO-2022-1121: Missing Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jun 23, 2023 GO-2022-1121 +4 more

  GO-2022-1121: Missing Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

May 15, 2023 GO-2022-1121 +4 more

  GO-2022-1121: Missing Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

type Config

+ Reporting Reporting

+ type License struct

+ Enabled bool

type ReloadableConfig

+ Reporting Reporting

+ type Reporting struct

+ License License

type Server

+ func (s *Server) GetSystemMetadata(key string) (string, error)

+ func (s *Server) SetSystemMetadataKey(key, val string) error

Mar 7, 2023 GO-2022-1121 +4 more

  GO-2022-1121: Missing Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jan 26, 2023 GO-2022-1121 +4 more

  GO-2022-1121: Missing Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Dec 13, 2022 GO-2022-1121 +4 more

  GO-2022-1121: Missing Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Nov 30, 2022 GO-2022-1121 +4 more

  GO-2022-1121: Missing Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

+ var InvalidNodeName = invalidSegmentName

Oct 19, 2022 GO-2022-1121 +4 more

  GO-2022-1121: Missing Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

type Config

+ PeeringTestAllowPeerRegistrations bool

type Internal

+ func (m *Internal) ExportedServicesForPeer(args *structs.ServiceDumpRequest, reply *structs.IndexedServiceList) error

Sep 20, 2022 GO-2022-1121 +4 more

  GO-2022-1121: Missing Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

type Server

+ func (s *Server) GetPeeringBackend() peering.Backend

Aug 11, 2022 GO-2022-1029 +6 more

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2022-1121: Missing Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Aug 9, 2022 GO-2022-1029 +6 more

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2022-1121: Missing Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

+ var LeaderPeeringMetrics = []prometheus.GaugeDefinition

+ func MergeServiceConfig(defaults *structs.ServiceConfigResponse, service *structs.NodeService) (*structs.NodeService, error)

type ACLResolver

+ func (r *ACLResolver) ResolveTokenAndDefaultMetaWithPeerName(token string, entMeta *acl.EnterpriseMeta, peerName string, ...) (resolver.Result, error)

type Config

+ GRPCPort int

+ PeeringEnabled bool

type Deps

+ EventPublisher *stream.EventPublisher

type Internal

+ func (m *Internal) ExportedPeeredServices(args *structs.DCSpecificRequest, reply *structs.IndexedExportedServiceList) error

+ func (m *Internal) IntentionUpstreamsDestination(args *structs.ServiceSpecificRequest, reply *structs.IndexedServiceList) error

+ func (m *Internal) PeeredUpstreams(args *structs.PartitionSpecificRequest, ...) error

+ func (m *Internal) ServiceGateways(args *structs.ServiceSpecificRequest, reply *structs.IndexedCheckServiceNodes) error

+ type PeeringBackend struct

+ func NewPeeringBackend(srv *Server) *PeeringBackend

+ func (b *PeeringBackend) CatalogDeregister(req *structs.DeregisterRequest) error

+ func (b *PeeringBackend) CatalogRegister(req *structs.RegisterRequest) error

+ func (b *PeeringBackend) CheckPeeringUUID(id string) (bool, error)

+ func (b *PeeringBackend) DecodeToken(tokRaw []byte) (*structs.PeeringToken, error)

+ func (b *PeeringBackend) EncodeToken(tok *structs.PeeringToken) ([]byte, error)

+ func (b *PeeringBackend) EnterpriseCheckNamespaces(namespace string) error

+ func (b *PeeringBackend) EnterpriseCheckPartitions(partition string) error

+ func (b *PeeringBackend) GetAgentCACertificates() ([]string, error)

+ func (b *PeeringBackend) GetLeaderAddress() string

+ func (b *PeeringBackend) GetServerAddresses() ([]string, error)

+ func (b *PeeringBackend) GetServerName() string

+ func (b *PeeringBackend) IsLeader() bool

+ func (b *PeeringBackend) PeeringSecretsWrite(req *pbpeering.SecretsWriteRequest) error

+ func (b *PeeringBackend) PeeringTerminateByID(req *pbpeering.PeeringTerminateByIDRequest) error

+ func (b *PeeringBackend) PeeringTrustBundleWrite(req *pbpeering.PeeringTrustBundleWriteRequest) error

+ func (b *PeeringBackend) PeeringWrite(req *pbpeering.PeeringWriteRequest) error

+ func (b *PeeringBackend) ResolveTokenAndDefaultMeta(token string, entMeta *acl.EnterpriseMeta, authzCtx *acl.AuthorizerContext) (resolver.Result, error)

+ func (b *PeeringBackend) SetLeaderAddress(addr string)

+ func (b *PeeringBackend) Store() peering.Store

+ func (b *PeeringBackend) ValidateProposedPeeringSecret(id string) (bool, error)

+ func (s *PeeringBackend) Subscribe(req *stream.SubscribeRequest) (*stream.Subscription, error)

type ReloadableConfig

+ ElectionTimeout time.Duration

+ HeartbeatTimeout time.Duration

Jun 21, 2022 GO-2023-1827 +3 more

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jun 15, 2022 GO-2023-1827 +3 more

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jan 26, 2023 GO-2023-1827 +3 more

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Dec 13, 2022 GO-2023-1827 +3 more

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

type Config

+ func (c *Config) InPrimaryDatacenter() bool

Nov 30, 2022 GO-2023-1827 +3 more

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Oct 19, 2022 GO-2023-1827 +3 more

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Sep 20, 2022 GO-2023-1827 +3 more

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Aug 11, 2022 GO-2022-1029 +5 more

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jul 13, 2022 GO-2022-1029 +5 more

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jun 3, 2022 GO-2022-1029 +5 more

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

May 25, 2022 GO-2022-1029 +5 more

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Apr 19, 2022 GO-2022-1029 +5 more

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

+ type ACLResolveResult struct

+ ACLIdentity structs.ACLIdentity

+ func (a ACLResolveResult) AccessorID() string

+ func (a ACLResolveResult) Identity() structs.ACLIdentity

+ func (a ACLResolveResult) ToAllowAuthorizer() acl.AllowAuthorizer

+ type ACLResolverBackend interface

+ ACLDatacenter func() string

+ RPC func(method string, args interface{}, reply interface{}) error

+ ResolveIdentityFromToken func(token string) (bool, structs.ACLIdentity, error)

+ ResolvePolicyFromID func(policyID string) (bool, *structs.ACLPolicy, error)

+ ResolveRoleFromID func(roleID string) (bool, *structs.ACLRole, error)

type ACLResolverConfig

+ Backend ACLResolverBackend

type CAManager

+ func (c *CAManager) AuthorizeAndSignCertificate(csr *x509.CertificateRequest, authz acl.Authorizer) (*structs.IssuedCert, error)

type Deps

+ GetNetRPCInterceptorFunc func(recorder *middleware.RequestRecorder) rpc.ServerServiceCallInterceptor

+ NewRequestRecorderFunc func(logger hclog.Logger, isLeader func() bool, localDC string) *middleware.RequestRecorder

+ type EmptyReadRequest struct

+ func (e EmptyReadRequest) IsRead() bool

type Internal

+ func (m *Internal) CatalogOverview(args *structs.DCSpecificRequest, reply *structs.CatalogSummary) error

+ type OverviewManager struct

+ func NewOverviewManager(logger hclog.Logger, sp usagemetrics.StateProvider, interval time.Duration) *OverviewManager

+ func (m *OverviewManager) GetCurrentSummary() *structs.CatalogSummary

+ func (m *OverviewManager) Run(ctx context.Context)

Apr 4, 2022 GO-2023-1827 +3 more

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Oct 19, 2022 GO-2023-1827 +3 more

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

type Config

+ RPCClientTimeout time.Duration

type ReloadableConfig

+ RPCClientTimeout time.Duration

Sep 22, 2022 GO-2023-1827 +3 more

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Sep 19, 2022 GO-2023-1827 +3 more

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Aug 11, 2022 GO-2022-1029 +5 more

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jul 13, 2022 GO-2022-1029 +5 more

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

May 25, 2022 GO-2022-1029 +5 more

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Apr 13, 2022 GO-2022-1029 +5 more

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Feb 28, 2022 GO-2022-0615 +6 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Feb 11, 2022 GO-2022-0615 +6 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

type ACLResolver

+ func (r *ACLResolver) ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, ...) (acl.Authorizer, error)

+ type ValidateConfigUpdater interface

+ ValidateConfigUpdate func(previous, next map[string]interface{}) error

Jan 13, 2022 GO-2022-0615 +7 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Dec 15, 2021 GO-2022-0615 +7 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Dec 14, 2021 GO-2022-0615 +7 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

+ const PoolKindPartition

+ const PoolKindSegment

+ var LeaderCertExpirationGauges = []prometheus.GaugeDefinition

+ func CloneSerfLANConfig(base *serf.Config) *serf.Config

type ACLResolverConfig

+ DisableDuration time.Duration

+ type ACLResolverSettings struct

+ ACLDefaultPolicy string

+ ACLDownPolicy string

+ ACLPolicyTTL time.Duration

+ ACLRoleTTL time.Duration

+ ACLTokenTTL time.Duration

+ ACLsEnabled bool

+ Datacenter string

+ EnterpriseMeta structs.EnterpriseMeta

+ NodeName string

type AutoConfigOptions

+ Partition string

+ func (opts AutoConfigOptions) PartitionOrDefault() string

type CAManager

+ func (c *CAManager) SignCertificate(csr *x509.CertificateRequest, spiffeID connect.CertURI) (*structs.IssuedCert, error)

type Catalog

+ func (c *Catalog) VirtualIPForService(args *structs.ServiceSpecificRequest, reply *string) error

+ type CertExpirationMonitor struct

+ Key []string

+ Labels []metrics.Label

+ Logger hclog.Logger

+ Query func() (time.Duration, error)

+ func (m CertExpirationMonitor) Monitor(ctx context.Context) error

type Client

+ func (c *Client) AgentEnterpriseMeta() *structs.EnterpriseMeta

+ func (c *Client) AgentLocalMember() serf.Member

+ func (c *Client) LANMembersInAgentPartition() []serf.Member

type Config

+ ACLInitialManagementToken string

+ ACLResolverSettings ACLResolverSettings

+ RaftBoltDBConfig RaftBoltDBConfig

+ TLSConfig tlsutil.Config

+ func (c *Config) AgentEnterpriseMeta() *structs.EnterpriseMeta

type Deps

+ LeaderForwarder LeaderForwarder

type GRPCClientConner

+ ClientConnLeader func() (*grpc.ClientConn, error)

+ type LANMemberFilter struct

+ AllSegments bool

+ Partition string

+ Segment string

+ func (f LANMemberFilter) PartitionOrDefault() string

+ func (f LANMemberFilter) Validate() error

+ type LeaderForwarder interface

+ UpdateLeaderAddr func(datacenter, addr string)

+ type LegacyACLGetPolicy struct

+ type LegacyACLRequest struct

+ type RaftBoltDBConfig struct

+ NoFreelistSync bool

type Server

+ func (s *Server) AgentEnterpriseMeta() *structs.EnterpriseMeta

+ func (s *Server) AgentLocalMember() serf.Member

+ func (s *Server) DoWithLANSerfs(fn func(name, poolKind string, pool *serf.Serf) error, ...) error

+ func (s *Server) GetMatchingLANCoordinate(_, _ string) (*coordinate.Coordinate, error)

+ func (s *Server) InPrimaryDatacenter() bool

+ func (s *Server) LANMembersInAgentPartition() []serf.Member

+ func (s *Server) LANSendUserEvent(name string, payload []byte, coalesce bool) error

+ func (s *Server) RemoveFailedNodeWAN(wanNode string, prune bool, entMeta *structs.EnterpriseMeta) error

Dec 6, 2021 GO-2022-1029 +5 more

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Nov 18, 2021 GO-2022-1029 +5 more

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Nov 2, 2021 GO-2022-1029 +5 more

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Oct 15, 2021 GO-2022-1029 +5 more

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Sep 16, 2021 GO-2022-1029 +5 more

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jul 13, 2022 GO-2022-1029 +5 more

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

May 25, 2022 GO-2022-1029 +5 more

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Apr 13, 2022 GO-2022-1029 +5 more

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Feb 28, 2022 GO-2022-0615 +6 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Feb 11, 2022 GO-2022-0615 +6 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jan 13, 2022 GO-2022-0615 +7 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Dec 15, 2021 GO-2022-0615 +7 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Dec 13, 2021 GO-2022-0615 +7 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Nov 11, 2021 GO-2022-0615 +7 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Sep 27, 2021 GO-2022-0615 +7 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

type Server

+ func (s *Server) ForwardGRPC(connPool GRPCClientConner, info structs.RPCInfo, ...) (handled bool, err error)

Aug 27, 2021 GO-2022-0615 +7 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

type GRPCClientConner

+ SetGatewayResolver func(func(string) string)

Jul 15, 2021 GO-2022-0559 +9 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jul 1, 2021 GO-2022-0615 +9 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jun 22, 2021 GO-2022-0615 +9 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

type Config

+ RPCRateLimit rate.Limit

+ type EnterpriseDeps struct

+ type GRPCClientConner interface

+ ClientConn func(datacenter string) (*grpc.ClientConn, error)

type Internal

+ func (m *Internal) IntentionUpstreams(args *structs.ServiceSpecificRequest, reply *structs.IndexedServiceList) error

+ type ReloadableConfig struct

+ ConfigEntryBootstrap []structs.ConfigEntry

+ RPCMaxBurst int

+ RPCMaxConnsPerClient int

+ RPCRateLimit rate.Limit

+ RaftSnapshotInterval time.Duration

+ RaftSnapshotThreshold int

+ RaftTrailingLogs int

type Server

+ func (s *Server) FSM() *fsm.FSM

Jun 17, 2021 GO-2022-0894 +7 more

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jun 16, 2021 GO-2022-0894 +7 more

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jun 10, 2021 GO-2022-0894 +7 more

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

May 27, 2021 GO-2022-0894 +7 more

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

May 5, 2021 GO-2022-0894 +7 more

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Apr 16, 2021 GO-2022-0894 +7 more

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Mar 18, 2021 GO-2022-0894 +7 more

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Apr 14, 2022 GO-2022-0894 +7 more

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Feb 28, 2022 GO-2022-0615 +8 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Feb 11, 2022 GO-2022-0615 +8 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jan 13, 2022 GO-2022-0615 +9 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

type CAManager

+ func (c *CAManager) Initialize() (reterr error)

Dec 15, 2021 GO-2022-0615 +9 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Dec 13, 2021 GO-2022-0615 +9 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Nov 11, 2021 GO-2022-0615 +9 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Sep 27, 2021 GO-2022-0615 +9 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Aug 27, 2021 GO-2022-0615 +9 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jul 15, 2021 GO-2022-0559 +11 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jun 21, 2021 GO-2022-0559 +11 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jun 4, 2021 GO-2022-0559 +11 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

+ var ReplicationGauges = []prometheus.GaugeDefinition

Apr 15, 2021 GO-2022-0559 +11 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Mar 4, 2021 GO-2022-0559 +12 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Feb 1, 2021 GO-2022-0559 +12 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Jan 20, 2021 GO-2022-0559 +12 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Dec 11, 2020 GO-2022-0559 +12 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

type Config

+ ReadReplica bool

Nov 24, 2020 GO-2022-0559 +12 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

Changes in this version

+ var ACLCounters = []prometheus.CounterDefinition

+ var ACLEndpointLegacySummaries = []prometheus.SummaryDefinition

+ var ACLEndpointSummaries = []prometheus.SummaryDefinition

+ var ACLSummaries = []prometheus.SummaryDefinition

+ var AutopilotGauges = []prometheus.GaugeDefinition

+ var CatalogCounters = []prometheus.CounterDefinition

+ var CatalogSummaries = []prometheus.SummaryDefinition

+ var ClientCounters = []prometheus.CounterDefinition

+ var ConfigSummaries = []prometheus.SummaryDefinition

+ var ErrIntentionsNotUpgradedYet = errors.New("Intentions are read only while being upgraded to config entries")

+ var FederationStateSummaries = []prometheus.SummaryDefinition

+ var IntentionSummaries = []prometheus.SummaryDefinition

+ var KVSummaries = []prometheus.SummaryDefinition

+ var LeaderSummaries = []prometheus.SummaryDefinition

+ var PreparedQuerySummaries = []prometheus.SummaryDefinition

+ var RPCCounters = []prometheus.CounterDefinition

+ var RPCGauges = []prometheus.GaugeDefinition

+ var RPCSummaries = []prometheus.SummaryDefinition

+ var SegmentOSSSummaries = []prometheus.SummaryDefinition

+ var SessionEndpointSummaries = []prometheus.SummaryDefinition

+ var SessionGauges = []prometheus.GaugeDefinition

+ var SessionSummaries = []prometheus.SummaryDefinition

+ var TxnSummaries = []prometheus.SummaryDefinition

type AutopilotDelegate

+ func (d *AutopilotDelegate) FetchServerStats(ctx context.Context, servers map[raft.ServerID]*autopilot.Server) map[raft.ServerID]*autopilot.ServerStats

+ func (d *AutopilotDelegate) KnownServers() map[raft.ServerID]*autopilot.Server

+ func (d *AutopilotDelegate) NotifyState(state *autopilot.State)

+ func (d *AutopilotDelegate) RemoveFailedServer(srv *autopilot.Server)

type Config

+ AdvertiseReconnectTimeout time.Duration

+ MetricsReportingInterval time.Duration

+ OverrideInitialSerfTags func(tags map[string]string)

+ RPCConfig RPCConfig

+ type Deps struct

+ ConnPool *pool.ConnPool

+ GRPCConnPool *grpc.ClientConnPool

+ Logger hclog.InterceptLogger

+ Router *router.Router

+ TLSConfigurator *tlsutil.Configurator

+ Tokens *token.Store

type Internal

+ func (m *Internal) GatewayIntentions(args *structs.IntentionQueryRequest, reply *structs.IndexedIntentions) error

+ func (m *Internal) ServiceTopology(args *structs.ServiceSpecificRequest, reply *structs.IndexedServiceTopology) error

type Operator

+ func (op *Operator) AutopilotState(args *structs.DCSpecificRequest, reply *autopilot.State) error

+ type RPCConfig struct

+ EnableStreaming bool

type Server

+ func (s *Server) DatacenterSupportsIntentionsAsConfigEntries() bool

Nov 17, 2020 GO-2022-0615 +7 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Nov 10, 2020 GO-2022-0615 +7 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Nov 7, 2020 GO-2022-0615 +7 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Oct 12, 2020 GO-2022-0615 +7 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Dec 15, 2021 GO-2022-0615 +7 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Dec 13, 2021 GO-2022-0615 +7 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Nov 11, 2021 GO-2022-0615 +7 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Changes in this version

+ const LeaderTransferMinVersion

Sep 27, 2021 GO-2022-0615 +7 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Aug 27, 2021 GO-2022-0615 +7 more

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Jul 15, 2021 GO-2022-0559 +9 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Jun 21, 2021 GO-2022-0559 +9 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Jun 4, 2021 GO-2022-0559 +9 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Jun 3, 2021 GO-2022-0559 +9 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Changes in this version

type FunctionReplicator

+ Name string

+ func (r *FunctionReplicator) MetricName() string

type IndexReplicator

+ func (r *IndexReplicator) MetricName() string

type ReplicatorDelegate

+ MetricName func() string

May 26, 2021 GO-2022-0559 +9 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

May 18, 2021 GO-2022-0559 +9 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Apr 15, 2021 GO-2022-0559 +9 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Changes in this version

type ACLResolverConfig

+ Tokens *token.Store

Mar 4, 2021 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Changes in this version

type GatewayLocator

+ func (g *GatewayLocator) SetUseReplicationSignal(newValue bool)

Feb 11, 2021 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Jan 22, 2021 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Changes in this version

type CAManager

+ func (c *CAManager) Start()

+ func (c *CAManager) Stop()

Dec 10, 2020 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Changes in this version

+ const CAStateInitializing

+ const CAStateReady

+ const CAStateReconfig

+ const CAStateRenewIntermediate

+ const CAStateUninitialized

+ type CAManager struct

+ func NewCAManager(delegate caServerDelegate, logger hclog.Logger, config *Config) *CAManager

+ func (c *CAManager) InitializeCA() error

+ func (c *CAManager) RenewIntermediate(ctx context.Context, isPrimary bool) error

+ func (c *CAManager) UpdateConfiguration(args *structs.CARequest) error

+ func (c *CAManager) UpdateRoots(roots structs.IndexedCARoots) error

+ type CAState string

Dec 3, 2020 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Nov 19, 2020 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Oct 23, 2020 GO-2022-0559 +11 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Sep 11, 2020 GO-2022-0559 +12 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2501: Denial of service in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Changes in this version

type ConsulOption

+ func WithRouter(router *router.Router) ConsulOption

Aug 12, 2020 GO-2022-0559 +12 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2501: Denial of service in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Aug 7, 2020 GO-2022-0559 +12 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2501: Denial of service in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Jul 30, 2020 GO-2022-0559 +12 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2501: Denial of service in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-2683: Improper handling of node names in JWT claims assertions in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Changes in this version

+ type AutoConfig struct

+ func NewAutoConfig(conf *Config, tlsConfigurator *tlsutil.Configurator, backend AutoConfigBackend, ...) *AutoConfig

+ func (ac *AutoConfig) InitialConfiguration(req *pbautoconf.AutoConfigRequest, resp *pbautoconf.AutoConfigResponse) error

+ type AutoConfigAuthorizer interface

+ Authorize func(*pbautoconf.AutoConfigRequest) (AutoConfigOptions, error)

+ type AutoConfigBackend interface

+ CreateACLToken func(template *structs.ACLToken) (*structs.ACLToken, error)

+ DatacenterJoinAddresses func(segment string) ([]string, error)

+ ForwardRPC func(method string, info structs.RPCInfo, args, reply interface{}) (bool, error)

+ GetCARoots func() (*structs.IndexedCARoots, error)

+ SignCertificate func(csr *x509.CertificateRequest, id connect.CertURI) (*structs.IssuedCert, error)

+ type AutoConfigOptions struct

+ CSR *x509.CertificateRequest

+ NodeName string

+ SegmentName string

+ SpiffeID *connect.SpiffeIDAgent

type Client

+ func NewClientWithOptions(config *Config, options ...ConsulOption) (*Client, error)

type Config

+ AutoConfigAuthzAllowReuse bool

+ AutoConfigAuthzAuthMethod structs.ACLAuthMethod

+ AutoConfigAuthzClaimAssertions []string

+ AutoConfigAuthzEnabled bool

+ AutoConfigDNSSANs []string

+ AutoConfigEnabled bool

+ AutoConfigIPSANs []net.IP

+ AutoConfigIntroToken string

+ AutoConfigIntroTokenFile string

+ AutoConfigServerAddresses []string

+ type ConsulOption func(*consulOptions)

+ func WithConnectionPool(connPool *pool.ConnPool) ConsulOption

+ func WithLogger(logger hclog.InterceptLogger) ConsulOption

+ func WithTLSConfigurator(tlsConfigurator *tlsutil.Configurator) ConsulOption

+ func WithTokenStore(tokens *token.Store) ConsulOption

type Server

+ func NewServerWithOptions(config *Config, options ...ConsulOption) (*Server, error)

+ func (s *Server) CreateACLToken(template *structs.ACLToken) (*structs.ACLToken, error)

+ func (s *Server) DatacenterJoinAddresses(segment string) ([]string, error)

+ func (s *Server) ForwardRPC(method string, info structs.RPCInfo, args interface{}, reply interface{}) (bool, error)

+ func (s *Server) GetCARoots() (*structs.IndexedCARoots, error)

+ func (s *Server) SignCertificate(csr *x509.CertificateRequest, spiffeID connect.CertURI) (*structs.IssuedCert, error)

Jun 18, 2020 GO-2022-0559 +11 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2501: Denial of service in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Changes in this version

+ const DefaultRPCProtocol

type ACLResolver

+ func (r *ACLResolver) ResolveTokenToIdentity(token string) (structs.ACLIdentity, error)

type Catalog

+ func (c *Catalog) GatewayServices(args *structs.ServiceSpecificRequest, reply *structs.IndexedGatewayServices) error

type Client

+ func (c *Client) ResolveTokenToIdentity(token string) (structs.ACLIdentity, error)

type Config

+ ConnectMeshGatewayWANFederationEnabled bool

+ DisableFederationStateAntiEntropy bool

+ FederationStateReplicationApplyLimit int

+ FederationStateReplicationBurst int

+ FederationStateReplicationRate int

+ type FederationState struct

+ func (c *FederationState) Apply(args *structs.FederationStateRequest, reply *bool) error

+ func (c *FederationState) Get(args *structs.FederationStateQuery, reply *structs.FederationStateResponse) error

+ func (c *FederationState) List(args *structs.DCSpecificRequest, reply *structs.IndexedFederationStates) error

+ func (c *FederationState) ListMeshGateways(args *structs.DCSpecificRequest, ...) error

+ type FederationStateReplicator struct

+ func (r *FederationStateReplicator) DiffRemoteAndLocalState(localRaw interface{}, remoteRaw interface{}, lastRemoteIndex uint64) (*IndexReplicatorDiff, error)

+ func (r *FederationStateReplicator) FetchLocal() (int, interface{}, error)

+ func (r *FederationStateReplicator) FetchRemote(lastRemoteIndex uint64) (int, interface{}, uint64, error)

+ func (r *FederationStateReplicator) MetricName() string

+ func (r *FederationStateReplicator) PerformDeletions(ctx context.Context, deletionsRaw interface{}) (exit bool, err error)

+ func (r *FederationStateReplicator) PerformUpdates(ctx context.Context, updatesRaw interface{}) (exit bool, err error)

+ func (r *FederationStateReplicator) PluralNoun() string

+ func (r *FederationStateReplicator) SingularNoun() string

+ type GatewayLocator struct

+ func NewGatewayLocator(logger hclog.Logger, srv serverDelegate, datacenter string, ...) *GatewayLocator

+ func (g *GatewayLocator) DialPrimaryThroughLocalGateway() bool

+ func (g *GatewayLocator) PickGateway(dc string) string

+ func (g *GatewayLocator) PrimaryGatewayFallbackAddresses() []string

+ func (g *GatewayLocator) PrimaryMeshGatewayAddressesReadyCh() <-chan struct{}

+ func (g *GatewayLocator) RefreshPrimaryGatewayFallbackAddresses(addrs []string)

+ func (g *GatewayLocator) Run(stopCh <-chan struct{})

+ func (g *GatewayLocator) SetLastFederationStateReplicationError(err error)

type Internal

+ func (m *Internal) GatewayServiceDump(args *structs.ServiceSpecificRequest, reply *structs.IndexedServiceDump) error

type Server

+ func (s *Server) DatacenterSupportsFederationStates() bool

+ func (s *Server) LeaderLastContact() time.Time

+ func (s *Server) PickRandomMeshGatewaySuitableForDialing(dc string) string

+ func (s *Server) PrimaryGatewayFallbackAddresses() []string

+ func (s *Server) PrimaryMeshGatewayAddressesReadyCh() <-chan struct{}

+ func (s *Server) RefreshPrimaryGatewayFallbackAddresses(addrs []string)

+ func (s *Server) ResolveTokenToIdentity(token string) (structs.ACLIdentity, error)

Jun 15, 2020 GO-2022-0559 +7 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

May 21, 2020 GO-2022-0559 +7 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

May 14, 2020 GO-2022-0559 +7 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Apr 15, 2021 GO-2022-0559 +7 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Mar 4, 2021 GO-2022-0559 +8 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Jan 22, 2021 GO-2022-0559 +8 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Dec 10, 2020 GO-2022-0559 +8 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Nov 19, 2020 GO-2022-0559 +8 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Oct 26, 2020 GO-2022-0559 +9 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Sep 11, 2020 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2501: Denial of service in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Aug 12, 2020 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2501: Denial of service in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Aug 7, 2020 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2501: Denial of service in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Jul 30, 2020 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2501: Denial of service in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Jun 10, 2020 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2501: Denial of service in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

May 5, 2020 GO-2022-0559 +14 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0847: Incorrect Permission Assignment for Critical Resource in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0859: Improper Input Validation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0861: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2501: Denial of service in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Mar 16, 2020 GO-2022-0559 +14 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0847: Incorrect Permission Assignment for Critical Resource in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0859: Improper Input Validation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0861: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2501: Denial of service in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Feb 20, 2020 GO-2022-0559 +14 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0847: Incorrect Permission Assignment for Critical Resource in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0859: Improper Input Validation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0861: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2501: Denial of service in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Feb 11, 2020 GO-2022-0559 +14 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0847: Incorrect Permission Assignment for Critical Resource in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0859: Improper Input Validation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0861: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2501: Denial of service in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Changes in this version

+ var ErrStateReadOnly = errors.New("CA Provider State is read-only")

type ACL

+ func (a *ACL) Authorize(args *structs.RemoteACLAuthorizationRequest, ...) error

type ACLResolver

+ func (r *ACLResolver) Close()

+ func (r *ACLResolver) ResolveTokenToIdentityAndAuthorizer(token string) (structs.ACLIdentity, acl.Authorizer, error)

type ACLResolverConfig

+ ACLConfig *acl.Config

type Catalog

+ func (c *Catalog) NodeServiceList(args *structs.NodeSpecificRequest, reply *structs.IndexedNodeServiceList) error

+ func (c *Catalog) ServiceList(args *structs.DCSpecificRequest, reply *structs.IndexedServiceList) error

type Client

+ func (c *Client) ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, ...) (acl.Authorizer, error)

+ func (c *Client) ResolveTokenToIdentityAndAuthorizer(token string) (structs.ACLIdentity, acl.Authorizer, error)

type Config

+ DefaultQueryTime time.Duration

+ MaxQueryTime time.Duration

+ Shutdown func()

+ type EnterpriseACLResolverDelegate interface

+ type EnterpriseConfig struct

+ func DefaultEnterpriseConfig() *EnterpriseConfig

+ type FunctionReplicator struct

+ ReplicateFn ReplicatorFunc

+ func (r *FunctionReplicator) Replicate(ctx context.Context, lastRemoteIndex uint64, logger hclog.Logger) (uint64, bool, error)

+ type IndexReplicator struct

+ Delegate IndexReplicatorDelegate

+ Logger hclog.Logger

+ func (r *IndexReplicator) Replicate(ctx context.Context, lastRemoteIndex uint64, _ hclog.Logger) (uint64, bool, error)

+ type IndexReplicatorDelegate interface

+ DiffRemoteAndLocalState func(local interface{}, remote interface{}, lastRemoteIndex uint64) (*IndexReplicatorDiff, error)

+ FetchLocal func() (int, interface{}, error)

+ FetchRemote func(lastRemoteIndex uint64) (int, interface{}, uint64, error)

+ MetricName func() string

+ PerformDeletions func(ctx context.Context, deletions interface{}) (exit bool, err error)

+ PerformUpdates func(ctx context.Context, updates interface{}) (exit bool, err error)

+ PluralNoun func() string

+ SingularNoun func() string

+ type IndexReplicatorDiff struct

+ Deletions interface{}

+ NumDeletions int

+ NumUpdates int

+ Updates interface{}

+ type LeaderRoutine func(ctx context.Context) error

+ type LeaderRoutineManager struct

+ func NewLeaderRoutineManager(logger hclog.Logger) *LeaderRoutineManager

+ func (m *LeaderRoutineManager) IsRunning(name string) bool

+ func (m *LeaderRoutineManager) Start(name string, routine LeaderRoutine) error

+ func (m *LeaderRoutineManager) StartWithContext(parentCtx context.Context, name string, routine LeaderRoutine) error

+ func (m *LeaderRoutineManager) Stop(name string) error

+ func (m *LeaderRoutineManager) StopAll()

type Replicator

+ func (r *Replicator) Index() uint64

+ func (r *Replicator) Run(ctx context.Context) error

type ReplicatorConfig

+ Delegate ReplicatorDelegate

+ SuppressErrorLog func(err error) bool

+ type ReplicatorDelegate interface

+ Replicate func(ctx context.Context, lastRemoteIndex uint64, logger hclog.Logger) (index uint64, exit bool, err error)

type Server

+ func (s *Server) ResolveEntTokenToIdentityAndAuthorizer(token string) (structs.ACLIdentity, acl.Authorizer)

+ func (s *Server) ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, ...) (acl.Authorizer, error)

+ func (s *Server) ResolveTokenIdentityAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, ...) (structs.ACLIdentity, acl.Authorizer, error)

+ func (s *Server) ResolveTokenToIdentityAndAuthorizer(token string) (structs.ACLIdentity, acl.Authorizer, error)

Jan 31, 2020 GO-2022-0559 +8 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Jan 24, 2020 GO-2022-0559 +8 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Dec 20, 2019 GO-2022-0559 +8 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Dec 10, 2019 GO-2022-0559 +8 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Nov 19, 2020 GO-2022-0559 +8 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Sep 11, 2020 GO-2022-0559 +9 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Aug 12, 2020 GO-2022-0559 +9 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Jul 30, 2020 GO-2022-0559 +9 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Jun 10, 2020 GO-2022-0559 +9 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Apr 14, 2020 GO-2022-0559 +13 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0847: Incorrect Permission Assignment for Critical Resource in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0859: Improper Input Validation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0861: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Changes in this version

+ func ServersInDCMeetRequirements(provider checkServersProvider, datacenter string, ...) (ok bool, found bool)

type Client

+ func (c *Client) CheckServers(datacenter string, fn func(*metadata.Server) bool)

type Server

+ func (s *Server) CheckServers(datacenter string, fn func(*metadata.Server) bool)

type ServerLookup

+ func (sl *ServerLookup) CheckServers(fn func(srv *metadata.Server) bool)

Feb 20, 2020 GO-2022-0559 +13 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0847: Incorrect Permission Assignment for Critical Resource in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0859: Improper Input Validation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0861: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Jan 30, 2020 GO-2022-0559 +13 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0847: Incorrect Permission Assignment for Critical Resource in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0859: Improper Input Validation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0861: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Changes in this version

type Config

+ RPCHandshakeTimeout time.Duration

+ RPCMaxConnsPerClient int

Nov 13, 2019 GO-2022-0559 +15 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0847: Incorrect Permission Assignment for Critical Resource in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0859: Improper Input Validation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0861: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0874: Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Changes in this version

type Config

+ NotifyShutdown func()

Sep 12, 2019 GO-2022-0559 +15 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0847: Incorrect Permission Assignment for Critical Resource in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0859: Improper Input Validation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0861: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0874: Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Aug 23, 2019 GO-2022-0559 +15 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0847: Incorrect Permission Assignment for Critical Resource in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0859: Improper Input Validation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0861: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0874: Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Changes in this version

+ var ErrNotPrimaryDatacenter = errors.New("not the primary datacenter")

+ func ServersInDCMeetMinimumVersion(members []serf.Member, datacenter string, minVersion *version.Version) (bool, bool)

+ func ServersMeetRequirements(members []serf.Member, meetsRequirements func(*metadata.Server) bool) bool

type ConnectCA

+ func (s *ConnectCA) SignIntermediate(args *structs.CASignRequest, reply *string) error

+ type DiscoveryChain struct

+ func (c *DiscoveryChain) Get(args *structs.DiscoveryChainRequest, reply *structs.DiscoveryChainResponse) error

Aug 13, 2019 GO-2022-0559 +14 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0859: Improper Input Validation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0861: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0874: Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Jul 26, 2019 GO-2022-0559 +14 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0859: Improper Input Validation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0861: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0874: Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Jul 15, 2019 GO-2022-0559 +14 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0859: Improper Input Validation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0861: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0874: Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Jul 8, 2019 GO-2022-0559 +14 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0859: Improper Input Validation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0861: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0874: Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Jul 25, 2019 GO-2022-0559 +12 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0874: Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Changes in this version

+ var ErrChunkingResubmit = errors.New("please resubmit call for rechunking")

type AutopilotDelegate

+ func (d *AutopilotDelegate) SerfLAN() *serf.Serf

+ func (d *AutopilotDelegate) SerfWAN() *serf.Serf

Jun 27, 2019 GO-2022-0559 +12 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0874: Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Changes in this version

+ var ErrAutoEncryptAllowTLSNotEnabled = errors.New("AutoEncrypt.AllowTLS must be enabled in order to use this endpoint")

+ type AutoEncrypt struct

+ func (a *AutoEncrypt) Sign(args *structs.CASignRequest, reply *structs.SignedResponse) error

type Client

+ func (c *Client) RequestAutoEncryptCerts(servers []string, port int, token string, interruptCh chan struct{}) (*structs.SignedResponse, string, error)

type Config

+ AutoEncryptAllowTLS bool

+ CheckOutputMaxSize int

+ LogLevel string

May 22, 2019 GO-2022-0559 +12 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0874: Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

May 8, 2019 GO-2022-0559 +13 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0874: Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1852: HashiCorp Consul Incorrect Access Control vulnerability in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Changes in this version

+ func InterpolateHIL(s string, vars map[string]string) (string, error)

type ACL

+ func (a *ACL) AuthMethodDelete(args *structs.ACLAuthMethodDeleteRequest, reply *bool) error

+ func (a *ACL) AuthMethodList(args *structs.ACLAuthMethodListRequest, ...) error

+ func (a *ACL) AuthMethodRead(args *structs.ACLAuthMethodGetRequest, reply *structs.ACLAuthMethodResponse) error

+ func (a *ACL) AuthMethodSet(args *structs.ACLAuthMethodSetRequest, reply *structs.ACLAuthMethod) error

+ func (a *ACL) BindingRuleDelete(args *structs.ACLBindingRuleDeleteRequest, reply *bool) error

+ func (a *ACL) BindingRuleList(args *structs.ACLBindingRuleListRequest, ...) error

+ func (a *ACL) BindingRuleRead(args *structs.ACLBindingRuleGetRequest, reply *structs.ACLBindingRuleResponse) error

+ func (a *ACL) BindingRuleSet(args *structs.ACLBindingRuleSetRequest, reply *structs.ACLBindingRule) error

+ func (a *ACL) Login(args *structs.ACLLoginRequest, reply *structs.ACLToken) error

+ func (a *ACL) Logout(args *structs.ACLLogoutRequest, reply *bool) error

+ func (a *ACL) RoleBatchRead(args *structs.ACLRoleBatchGetRequest, reply *structs.ACLRoleBatchResponse) error

+ func (a *ACL) RoleDelete(args *structs.ACLRoleDeleteRequest, reply *string) error

+ func (a *ACL) RoleList(args *structs.ACLRoleListRequest, reply *structs.ACLRoleListResponse) error

+ func (a *ACL) RoleRead(args *structs.ACLRoleGetRequest, reply *structs.ACLRoleResponse) error

+ func (a *ACL) RoleResolve(args *structs.ACLRoleBatchGetRequest, reply *structs.ACLRoleBatchResponse) error

+ func (a *ACL) RoleSet(args *structs.ACLRoleSetRequest, reply *structs.ACLRole) error

type ACLResolverDelegate

+ ResolveRoleFromID func(roleID string) (bool, *structs.ACLRole, error)

type Client

+ func (c *Client) ResolveRoleFromID(roleID string) (bool, *structs.ACLRole, error)

type Config

+ ACLRoleTTL time.Duration

+ ACLTokenMaxExpirationTTL time.Duration

+ ACLTokenMinExpirationTTL time.Duration

+ ConfigEntryBootstrap []structs.ConfigEntry

+ ConfigReplicationApplyLimit int

+ ConfigReplicationBurst int

+ ConfigReplicationRate int

+ type ConfigEntry struct

+ func (c *ConfigEntry) Apply(args *structs.ConfigEntryRequest, reply *bool) error

+ func (c *ConfigEntry) Delete(args *structs.ConfigEntryRequest, reply *struct{}) error

+ func (c *ConfigEntry) Get(args *structs.ConfigEntryQuery, reply *structs.ConfigEntryResponse) error

+ func (c *ConfigEntry) List(args *structs.ConfigEntryQuery, reply *structs.IndexedConfigEntries) error

+ func (c *ConfigEntry) ListAll(args *structs.DCSpecificRequest, reply *structs.IndexedGenericConfigEntries) error

+ func (c *ConfigEntry) ResolveServiceConfig(args *structs.ServiceConfigRequest, reply *structs.ServiceConfigResponse) error

type Internal

+ func (m *Internal) ServiceDump(args *structs.DCSpecificRequest, reply *structs.IndexedCheckServiceNodes) error

+ type Replicator struct

+ func NewReplicator(config *ReplicatorConfig) (*Replicator, error)

+ func (r *Replicator) Start()

+ func (r *Replicator) Stop()

+ type ReplicatorConfig struct

+ Burst int

+ Logger *log.Logger

+ MaxRetryWait time.Duration

+ MinFailures int

+ Name string

+ Rate int

+ ReplicateFn ReplicatorFunc

+ type ReplicatorFunc func(ctx context.Context, lastRemoteIndex uint64) (index uint64, exit bool, err error)

type Server

+ func (s *Server) ResolveRoleFromID(roleID string) (bool, *structs.ACLRole, error)

May 22, 2019 GO-2022-0559 +13 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0874: Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1852: HashiCorp Consul Incorrect Access Control vulnerability in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Mar 20, 2019 GO-2022-0559 +13 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0874: Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1852: HashiCorp Consul Incorrect Access Control vulnerability in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Mar 4, 2019 GO-2022-0559 +14 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0874: Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1852: HashiCorp Consul Incorrect Access Control vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Changes in this version

type Config

+ func (c *Config) ToTLSUtilConfig() *tlsutil.Config

Jan 28, 2019 GO-2022-0559 +15 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0874: Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1852: HashiCorp Consul Incorrect Access Control vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

  GO-2023-1945: HashiCorp Consul Access Restriction Bypass in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Jan 23, 2019 GO-2022-0559 +15 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0874: Incorrect Authorization in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1852: HashiCorp Consul Incorrect Access Control vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

  GO-2023-1945: HashiCorp Consul Access Restriction Bypass in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

  GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

Changes in this version

+ var ErrRateLimited = errors.New("Rate limit reached, try again later")

Nov 14, 2018 GO-2022-0559 +14 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1852: HashiCorp Consul Incorrect Access Control vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

  GO-2023-1945: HashiCorp Consul Access Restriction Bypass in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

Changes in this version

+ func IsACLRemoteError(err error) bool

+ func ServersGetACLMode(members []serf.Member, leader string, datacenter string) (numServers int, mode structs.ACLMode, leaderMode structs.ACLMode)

type ACL

+ func (a *ACL) BootstrapTokens(args *structs.DCSpecificRequest, reply *structs.ACLToken) error

+ func (a *ACL) PolicyBatchRead(args *structs.ACLPolicyBatchGetRequest, reply *structs.ACLPolicyBatchResponse) error

+ func (a *ACL) PolicyDelete(args *structs.ACLPolicyDeleteRequest, reply *string) error

+ func (a *ACL) PolicyList(args *structs.ACLPolicyListRequest, reply *structs.ACLPolicyListResponse) error

+ func (a *ACL) PolicyRead(args *structs.ACLPolicyGetRequest, reply *structs.ACLPolicyResponse) error

+ func (a *ACL) PolicyResolve(args *structs.ACLPolicyBatchGetRequest, reply *structs.ACLPolicyBatchResponse) error

+ func (a *ACL) PolicySet(args *structs.ACLPolicySetRequest, reply *structs.ACLPolicy) error

+ func (a *ACL) TokenBatchRead(args *structs.ACLTokenBatchGetRequest, reply *structs.ACLTokenBatchResponse) error

+ func (a *ACL) TokenClone(args *structs.ACLTokenSetRequest, reply *structs.ACLToken) error

+ func (a *ACL) TokenDelete(args *structs.ACLTokenDeleteRequest, reply *string) error

+ func (a *ACL) TokenList(args *structs.ACLTokenListRequest, reply *structs.ACLTokenListResponse) error

+ func (a *ACL) TokenRead(args *structs.ACLTokenGetRequest, reply *structs.ACLTokenResponse) error

+ func (a *ACL) TokenSet(args *structs.ACLTokenSetRequest, reply *structs.ACLToken) error

+ type ACLRemoteError struct

+ Err error

+ func (e ACLRemoteError) Error() string

+ type ACLResolver struct

+ func NewACLResolver(config *ACLResolverConfig) (*ACLResolver, error)

+ func (r *ACLResolver) ACLsEnabled() bool

+ func (r *ACLResolver) GetMergedPolicyForToken(token string) (*acl.Policy, error)

+ func (r *ACLResolver) ResolveToken(token string) (acl.Authorizer, error)

+ type ACLResolverConfig struct

+ AutoDisable bool

+ CacheConfig *structs.ACLCachesConfig

+ Config *Config

+ Delegate ACLResolverDelegate

+ Logger *log.Logger

+ Sentinel sentinel.Evaluator

+ type ACLResolverDelegate interface

+ ACLDatacenter func(legacy bool) string

+ ACLsEnabled func() bool

+ RPC func(method string, args interface{}, reply interface{}) error

+ ResolveIdentityFromToken func(token string) (bool, structs.ACLIdentity, error)

+ ResolvePolicyFromID func(policyID string) (bool, *structs.ACLPolicy, error)

+ UseLegacyACLs func() bool

type Client

+ func (c *Client) ACLDatacenter(legacy bool) string

+ func (c *Client) ACLsEnabled() bool

+ func (c *Client) ResolveIdentityFromToken(token string) (bool, structs.ACLIdentity, error)

+ func (c *Client) ResolvePolicyFromID(policyID string) (bool, *structs.ACLPolicy, error)

+ func (c *Client) ResolveToken(token string) (acl.Authorizer, error)

+ func (c *Client) UseLegacyACLs() bool

type Config

+ ACLDisabledTTL time.Duration

+ ACLPolicyTTL time.Duration

+ ACLReplicationBurst int

+ ACLReplicationRate int

+ ACLTokenReplication bool

+ ACLTokenTTL time.Duration

+ ACLsEnabled bool

+ ConnectReplicationToken string

+ PrimaryDatacenter string

type Server

+ func (s *Server) ACLDatacenter(legacy bool) string

+ func (s *Server) ACLsEnabled() bool

+ func (s *Server) InACLDatacenter() bool

+ func (s *Server) LocalTokensEnabled() bool

+ func (s *Server) ResolveIdentityFromToken(token string) (bool, structs.ACLIdentity, error)

+ func (s *Server) ResolvePolicyFromID(policyID string) (bool, *structs.ACLPolicy, error)

+ func (s *Server) ResolveToken(token string) (acl.Authorizer, error)

+ func (s *Server) UseLegacyACLs() bool

Oct 19, 2018 GO-2022-0559 +12 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

Nov 13, 2018 GO-2022-0559 +12 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

Oct 11, 2018 GO-2022-0559 +12 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

Nov 21, 2018 GO-2022-0559 +12 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

Sep 13, 2018 GO-2022-0559 +12 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

Jul 30, 2018 GO-2022-0559 +12 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

Jul 12, 2018 GO-2022-0559 +12 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

Changes in this version

+ type RemoteACLResult struct

Jun 25, 2018 GO-2022-0559 +12 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0879: Allocation of Resources Without Limits or Throttling in Hashicorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

  GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul

Changes in this version

+ var ErrConnectNotEnabled = errors.New("Connect must be enabled in order to use this endpoint")

+ var ErrIntentionNotFound = errors.New("Intention not found")

type Client

+ func (c *Client) ReloadConfig(config *Config) error

type Config

+ CAConfig *structs.CAConfiguration

+ ConnectEnabled bool

+ type ConnectCA struct

+ func (s *ConnectCA) ConfigurationGet(args *structs.DCSpecificRequest, reply *structs.CAConfiguration) error

+ func (s *ConnectCA) ConfigurationSet(args *structs.CARequest, reply *interface{}) error

+ func (s *ConnectCA) Roots(args *structs.DCSpecificRequest, reply *structs.IndexedCARoots) error

+ func (s *ConnectCA) Sign(args *structs.CASignRequest, reply *structs.IssuedCert) error

+ type EnterpriseClient struct

+ type EnterpriseServer struct

+ type Intention struct

+ func (s *Intention) Apply(args *structs.IntentionRequest, reply *string) error

+ func (s *Intention) Check(args *structs.IntentionQueryRequest, ...) error

+ func (s *Intention) Get(args *structs.IntentionQueryRequest, reply *structs.IndexedIntentions) error

+ func (s *Intention) List(args *structs.DCSpecificRequest, reply *structs.IndexedIntentions) error

+ func (s *Intention) Match(args *structs.IntentionQueryRequest, reply *structs.IndexedIntentionMatches) error

type Server

+ func (s *Server) ReloadConfig(config *Config) error

Nov 21, 2018 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

May 11, 2018 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Oct 31, 2018 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Nov 21, 2018 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Apr 13, 2018 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Changes in this version

+ var ErrWANFederationDisabled = fmt.Errorf("WAN Federation is disabled")

Feb 9, 2018 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Feb 7, 2018 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Feb 6, 2018 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Jan 24, 2018 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Changes in this version

+ type AutopilotDelegate struct

+ func (d *AutopilotDelegate) AutopilotConfig() *autopilot.Config

+ func (d *AutopilotDelegate) FetchStats(ctx context.Context, servers []serf.Member) map[string]*autopilot.ServerStats

+ func (d *AutopilotDelegate) IsServer(m serf.Member) (*autopilot.ServerInfo, error)

+ func (d *AutopilotDelegate) NotifyHealth(health autopilot.OperatorHealthReply)

+ func (d *AutopilotDelegate) PromoteNonVoters(conf *autopilot.Config, health autopilot.OperatorHealthReply) ([]raft.Server, error)

+ func (d *AutopilotDelegate) Raft() *raft.Raft

+ func (d *AutopilotDelegate) Serf() *serf.Serf

Dec 15, 2017 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Nov 20, 2017 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Changes in this version

type Coordinate

+ func (c *Coordinate) Node(args *structs.NodeSpecificRequest, reply *structs.IndexedCoordinates) error

Nov 11, 2017 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Oct 16, 2017 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Changes in this version

type Config

+ ACLEnableKeyListPolicy bool

+ LeaveDrainTime time.Duration

Oct 5, 2017 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Sep 28, 2017 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Nov 20, 2018 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Sep 8, 2017 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Changes in this version

type Client

+ func (c *Client) LANMembersAllSegments() ([]serf.Member, error)

+ func (c *Client) LANSegmentMembers(segment string) ([]serf.Member, error)

type Config

+ RPCMaxBurst int

+ RPCRate rate.Limit

+ Segment string

+ Segments []NetworkSegment

+ type NetworkSegment struct

+ Advertise string

+ Bind string

+ Name string

+ Port int

+ RPCAddr *net.TCPAddr

+ SerfConfig *serf.Config

type Server

+ func (s *Server) LANMembersAllSegments() ([]serf.Member, error)

+ func (s *Server) LANSegmentAddr(name string) string

+ func (s *Server) LANSegmentMembers(segment string) ([]serf.Member, error)

+ func (s *Server) LANSegments() map[string]*serf.Serf

+ type ServerLookup struct

+ func NewServerLookup() *ServerLookup

+ func (sl *ServerLookup) AddServer(server *metadata.Server)

+ func (sl *ServerLookup) RemoveServer(server *metadata.Server)

+ func (sl *ServerLookup) Server(addr raft.ServerAddress) *metadata.Server

+ func (sl *ServerLookup) ServerAddr(id raft.ServerID) (raft.ServerAddress, error)

+ func (sl *ServerLookup) Servers() []*metadata.Server

Sep 6, 2017 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Sep 5, 2017 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Aug 10, 2017 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Aug 9, 2017 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Changes in this version

type ACL

+ func (a *ACL) Bootstrap(args *structs.DCSpecificRequest, reply *structs.ACL) error

type Client

+ func (c *Client) ServerAddrs() map[string]string

type Config

+ EnableACLReplication bool

type Server

+ func (s *Server) ServerAddrs() map[string]string

Jul 20, 2017 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Changes in this version

type Config

+ NotifyListen func()

type Server

+ Listener net.Listener

+ type SessionTimers struct

+ func NewSessionTimers() *SessionTimers

+ func (t *SessionTimers) Del(id string)

+ func (t *SessionTimers) Get(id string) *time.Timer

+ func (t *SessionTimers) Len() int

+ func (t *SessionTimers) ResetOrCreate(id string, ttl time.Duration, afterFunc func())

+ func (t *SessionTimers) Set(id string, tm *time.Timer)

+ func (t *SessionTimers) Stop(id string)

+ func (t *SessionTimers) StopAll()

Jul 17, 2017 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Jun 27, 2017 GO-2022-0559 +10 more

  GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul

  GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul

  GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul

  GO-2022-0776: Denial of Service (DoS) in HashiCorp Consul in github.com/hashicorp/consul

  GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul

  GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul

  GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul

  GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

  GO-2023-1850: HashiCorp Consul can use cleartext agent-to-agent RPC communication in github.com/hashicorp/consul

  GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

  GO-2023-1853: HashiCorp Consul vulnerable to Origin Validation Error in github.com/hashicorp/consul

Changes in this version

+ const ConsulServiceID

+ const ConsulServiceName

+ const DefaultDC

+ const DefaultLANSerfPort

+ const DefaultRPCPort

+ const DefaultRaftMultiplier

+ const DefaultWANSerfPort

+ const MaxRaftMultiplier

+ const ProtocolVersion2Compatible

+ const ProtocolVersionMax

+ const ProtocolVersionMin

+ const SerfCheckAliveOutput

+ const SerfCheckFailedOutput

+ const SerfCheckID

+ const SerfCheckName

+ const StatusReap

+ var DefaultRPCAddr = &net.TCPAddr

+ var ErrQueryNotFound = errors.New("Query not found")

+ func CanServersUnderstandProtocol(members []serf.Member, version uint8) (bool, error)

+ func FilterDirEnt(acl acl.ACL, ent structs.DirEntries) structs.DirEntries

+ func FilterEntries(f Filter) int

+ func FilterKeys(acl acl.ACL, keys []string) []string

+ func FilterTxnResults(acl acl.ACL, results structs.TxnResults) structs.TxnResults

+ func GetPrivateIP() (net.IP, error)

+ func GetPublicIPv6() (net.IP, error)

+ func NewFSM(gc *state.TombstoneGC, logOutput io.Writer) (*consulFSM, error)

+ func ServerMinRaftProtocol(members []serf.Member) (int, error)

+ func ServersMeetMinimumVersion(members []serf.Member, minVersion *version.Version) bool

+ func SnapshotRPC(connPool *pool.ConnPool, dc string, addr net.Addr, useTLS bool, ...) (io.ReadCloser, error)

+ type ACL struct

+ func (a *ACL) Apply(args *structs.ACLRequest, reply *string) error

+ func (a *ACL) Get(args *structs.ACLSpecificRequest, reply *structs.IndexedACLs) error

+ func (a *ACL) GetPolicy(args *structs.ACLPolicyRequest, reply *structs.ACLPolicy) error

+ func (a *ACL) List(args *structs.DCSpecificRequest, reply *structs.IndexedACLs) error

+ func (a *ACL) ReplicationStatus(args *structs.DCSpecificRequest, reply *structs.ACLReplicationStatus) error

+ type AutopilotPolicy interface

+ PromoteNonVoters func(*structs.AutopilotConfig) error

+ type BasicAutopilot struct

+ func (b *BasicAutopilot) PromoteNonVoters(autopilotConfig *structs.AutopilotConfig) error

+ type Catalog struct

+ func (c *Catalog) Deregister(args *structs.DeregisterRequest, reply *struct{}) error

+ func (c *Catalog) ListDatacenters(args *struct{}, reply *[]string) error

+ func (c *Catalog) ListNodes(args *structs.DCSpecificRequest, reply *structs.IndexedNodes) error

+ func (c *Catalog) ListServices(args *structs.DCSpecificRequest, reply *structs.IndexedServices) error

+ func (c *Catalog) NodeServices(args *structs.NodeSpecificRequest, reply *structs.IndexedNodeServices) error

+ func (c *Catalog) Register(args *structs.RegisterRequest, reply *struct{}) error

+ func (c *Catalog) ServiceNodes(args *structs.ServiceSpecificRequest, reply *structs.IndexedServiceNodes) error

+ type Client struct

+ func NewClient(config *Config) (*Client, error)

+ func NewClientLogger(config *Config, logger *log.Logger) (*Client, error)

+ func (c *Client) Encrypted() bool

+ func (c *Client) GetLANCoordinate() (*coordinate.Coordinate, error)

+ func (c *Client) JoinLAN(addrs []string) (int, error)

+ func (c *Client) KeyManagerLAN() *serf.KeyManager

+ func (c *Client) LANMembers() []serf.Member

+ func (c *Client) Leave() error

+ func (c *Client) LocalMember() serf.Member

+ func (c *Client) RPC(method string, args interface{}, reply interface{}) error

+ func (c *Client) RemoveFailedNode(node string) error

+ func (c *Client) Shutdown() error

+ func (c *Client) SnapshotRPC(args *structs.SnapshotRequest, in io.Reader, out io.Writer, ...) error

+ func (c *Client) Stats() map[string]map[string]string

+ type Config struct

+ ACLAgentToken string

+ ACLDatacenter string

+ ACLDefaultPolicy string

+ ACLDownPolicy string

+ ACLEnforceVersion8 bool

+ ACLMasterToken string

+ ACLReplicationApplyLimit int

+ ACLReplicationInterval time.Duration

+ ACLReplicationToken string

+ ACLTTL time.Duration

+ ACLToken string

+ AutopilotConfig *structs.AutopilotConfig

+ AutopilotInterval time.Duration

+ Bootstrap bool

+ BootstrapExpect int

+ Build string

+ CAFile string

+ CAPath string

+ CertFile string

+ CoordinateUpdateBatchSize int

+ CoordinateUpdateMaxBatches int

+ CoordinateUpdatePeriod time.Duration

+ DataDir string

+ Datacenter string

+ DevMode bool

+ Domain string

+ KeyFile string

+ LogOutput io.Writer

+ NodeID types.NodeID

+ NodeName string

+ NonVoter bool

+ ProtocolVersion uint8

+ RPCAddr *net.TCPAddr

+ RPCAdvertise *net.TCPAddr

+ RPCHoldTimeout time.Duration

+ RPCSrcAddr *net.TCPAddr

+ RaftConfig *raft.Config

+ ReconcileInterval time.Duration

+ RejoinAfterLeave bool

+ SerfFloodInterval time.Duration

+ SerfLANConfig *serf.Config

+ SerfWANConfig *serf.Config

+ ServerHealthInterval time.Duration

+ ServerName string

+ ServerUp func()

+ SessionTTLMin time.Duration

+ TLSCipherSuites []uint16

+ TLSMinVersion string

+ TLSPreferServerCipherSuites bool

+ TombstoneTTL time.Duration

+ TombstoneTTLGranularity time.Duration

+ UseTLS bool

+ UserEventHandler func(serf.UserEvent)

+ VerifyIncoming bool

+ VerifyOutgoing bool

+ VerifyServerHostname bool

+ func DefaultConfig() *Config

+ func (c *Config) CheckACL() error

+ func (c *Config) CheckProtocolVersion() error

+ func (c *Config) GetTokenForAgent() string

+ func (c *Config) ScaleRaft(raftMultRaw uint)

+ type Coordinate struct

+ func NewCoordinate(srv *Server) *Coordinate

+ func (c *Coordinate) ListDatacenters(args *struct{}, reply *[]structs.DatacenterMap) error

+ func (c *Coordinate) ListNodes(args *structs.DCSpecificRequest, reply *structs.IndexedCoordinates) error

+ func (c *Coordinate) Update(args *structs.CoordinateUpdateRequest, reply *struct{}) (err error)

+ type Filter interface

+ Filter func(int) bool

+ Len func() int

+ Move func(dst, src, span int)

+ type Health struct

+ func (h *Health) ChecksInState(args *structs.ChecksInStateRequest, reply *structs.IndexedHealthChecks) error

+ func (h *Health) NodeChecks(args *structs.NodeSpecificRequest, reply *structs.IndexedHealthChecks) error

+ func (h *Health) ServiceChecks(args *structs.ServiceSpecificRequest, reply *structs.IndexedHealthChecks) error

+ func (h *Health) ServiceNodes(args *structs.ServiceSpecificRequest, reply *structs.IndexedCheckServiceNodes) error

+ type Internal struct

+ func (m *Internal) EventFire(args *structs.EventFireRequest, reply *structs.EventFireResponse) error

+ func (m *Internal) KeyringOperation(args *structs.KeyringRequest, reply *structs.KeyringResponses) error

+ func (m *Internal) NodeDump(args *structs.DCSpecificRequest, reply *structs.IndexedNodeDump) error

+ func (m *Internal) NodeInfo(args *structs.NodeSpecificRequest, reply *structs.IndexedNodeDump) error

+ type KVS struct

+ func (k *KVS) Apply(args *structs.KVSRequest, reply *bool) error

+ func (k *KVS) Get(args *structs.KeyRequest, reply *structs.IndexedDirEntries) error

+ func (k *KVS) List(args *structs.KeyRequest, reply *structs.IndexedDirEntries) error

+ func (k *KVS) ListKeys(args *structs.KeyListRequest, reply *structs.IndexedKeyList) error

+ type Operator struct

+ func (op *Operator) AutopilotGetConfiguration(args *structs.DCSpecificRequest, reply *structs.AutopilotConfig) error

+ func (op *Operator) AutopilotSetConfiguration(args *structs.AutopilotSetConfigRequest, reply *bool) error

+ func (op *Operator) RaftGetConfiguration(args *structs.DCSpecificRequest, reply *structs.RaftConfigurationResponse) error

+ func (op *Operator) RaftRemovePeerByAddress(args *structs.RaftRemovePeerRequest, reply *struct{}) error

+ func (op *Operator) RaftRemovePeerByID(args *structs.RaftRemovePeerRequest, reply *struct{}) error

+ func (op *Operator) ServerHealth(args *structs.DCSpecificRequest, reply *structs.OperatorHealthReply) error

+ type PreparedQuery struct

+ func (p *PreparedQuery) Apply(args *structs.PreparedQueryRequest, reply *string) (err error)

+ func (p *PreparedQuery) Execute(args *structs.PreparedQueryExecuteRequest, ...) error

+ func (p *PreparedQuery) ExecuteRemote(args *structs.PreparedQueryExecuteRemoteRequest, ...) error

+ func (p *PreparedQuery) Explain(args *structs.PreparedQueryExecuteRequest, ...) error

+ func (p *PreparedQuery) Get(args *structs.PreparedQuerySpecificRequest, ...) error

+ func (p *PreparedQuery) List(args *structs.DCSpecificRequest, reply *structs.IndexedPreparedQueries) error

+ type RaftLayer struct

+ func NewRaftLayer(src, addr net.Addr, tlsWrap tlsutil.Wrapper, ...) *RaftLayer

+ func (l *RaftLayer) Accept() (net.Conn, error)

+ func (l *RaftLayer) Addr() net.Addr

+ func (l *RaftLayer) Close() error

+ func (l *RaftLayer) Dial(address raft.ServerAddress, timeout time.Duration) (net.Conn, error)

+ func (l *RaftLayer) Handoff(c net.Conn) error

+ type Server struct

+ func NewServer(config *Config) (*Server, error)

+ func NewServerLogger(config *Config, logger *log.Logger) (*Server, error)

+ func (s *Server) Encrypted() bool

+ func (s *Server) Flood(portFn servers.FloodPortFn, global *serf.Serf)

+ func (s *Server) FloodNotify()

+ func (s *Server) GetLANCoordinate() (*coordinate.Coordinate, error)

+ func (s *Server) GetWANCoordinate() (*coordinate.Coordinate, error)

+ func (s *Server) IsACLReplicationEnabled() bool

+ func (s *Server) IsLeader() bool

+ func (s *Server) JoinLAN(addrs []string) (int, error)

+ func (s *Server) JoinWAN(addrs []string) (int, error)

+ func (s *Server) KeyManagerLAN() *serf.KeyManager

+ func (s *Server) KeyManagerWAN() *serf.KeyManager

+ func (s *Server) LANMembers() []serf.Member

+ func (s *Server) Leave() error

+ func (s *Server) LocalMember() serf.Member

+ func (s *Server) RPC(method string, args interface{}, reply interface{}) error

+ func (s *Server) RegisterEndpoint(name string, handler interface{}) error

+ func (s *Server) RemoveFailedNode(node string) error

+ func (s *Server) Shutdown() error

+ func (s *Server) SnapshotRPC(args *structs.SnapshotRequest, in io.Reader, out io.Writer, ...) error

+ func (s *Server) Stats() map[string]map[string]string

+ func (s *Server) WANMembers() []serf.Member

+ type Session struct

+ func (s *Session) Apply(args *structs.SessionRequest, reply *string) error

+ func (s *Session) Get(args *structs.SessionSpecificRequest, reply *structs.IndexedSessions) error

+ func (s *Session) List(args *structs.DCSpecificRequest, reply *structs.IndexedSessions) error

+ func (s *Session) NodeSessions(args *structs.NodeSpecificRequest, reply *structs.IndexedSessions) error

+ func (s *Session) Renew(args *structs.SessionSpecificRequest, reply *structs.IndexedSessions) error

+ type StatsFetcher struct

+ func NewStatsFetcher(logger *log.Logger, pool *pool.ConnPool, datacenter string) *StatsFetcher

+ func (f *StatsFetcher) Fetch(ctx context.Context, servers []*agent.Server) map[string]*structs.ServerStats

+ type Status struct

+ func (s *Status) Leader(args struct{}, reply *string) error

+ func (s *Status) Peers(args struct{}, reply *[]string) error

+ func (s *Status) Ping(args struct{}, reply *struct{}) error

+ func (s *Status) RaftStats(args struct{}, reply *structs.ServerStats) error

+ type Txn struct

+ func (t *Txn) Apply(args *structs.TxnRequest, reply *structs.TxnResponse) error

+ func (t *Txn) Read(args *structs.TxnReadRequest, reply *structs.TxnReadResponse) error