Affected by GO-2022-0559
and 11 other vulnerabilities
GO-2022-0559: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. in github.com/hashicorp/consul
GO-2022-0593: HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul
GO-2022-0615: Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector in github.com/hashicorp/consul
GO-2022-0894: Hashicorp Consul Missing SSL Certificate Validation in github.com/hashicorp/consul
GO-2022-0895: HashiCorp Consul L7 deny intention results in an allow action in github.com/hashicorp/consul
GO-2022-0953: HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul
GO-2022-1029: HashiCorp Consul vulnerable to authorization bypass in github.com/hashicorp/consul
GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul
GO-2023-1851: HashiCorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul
GO-2024-2501: Denial of service in HashiCorp Consul in github.com/hashicorp/consul
GO-2024-2505: Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul
GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul
This is a Go library that is being incubated in Consul to assist in doing
opinionated OIDC-based single sign on.
The go.mod.sample and go.sum.sample files are what the overall real
go.mod and go.sum files should end up being when extracted from the Consul
codebase.
package oidcauth bundles up an opinionated approach to authentication using both the OIDC authorization code workflow and simple JWT decoding (via static keys, JWKS, and OIDC discovery).
package oidcauth bundles up an opinionated approach to authentication using both the OIDC authorization code workflow and simple JWT decoding (via static keys, JWKS, and OIDC discovery).