Moderate severityNVD Advisory· Published Dec 9, 2018· Updated Aug 5, 2024
CVE-2018-19653
CVE-2018-19653
Description
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/hashicorp/consulGo | >= 0.5.1, < 1.4.1 | 1.4.1 |
Affected products
7- osv-coords7 versionspkg:apk/chainguard/k3dpkg:apk/chainguard/k3d-proxypkg:apk/chainguard/k3d-toolspkg:apk/wolfi/k3dpkg:apk/wolfi/k3d-proxypkg:apk/wolfi/k3d-toolspkg:golang/github.com/hashicorp/consul
< 5.6.0-r11+ 6 more
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: >= 0.5.1, < 1.4.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-4qvx-qq5w-695pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-19653ghsaADVISORY
- github.com/hashicorp/consul/commit/b64e8b262f80397eab4f39c6ae7e14683cb9f55cghsaWEB
- github.com/hashicorp/consul/pull/5069ghsax_refsource_MISCWEB
- groups.google.com/forum/ghsaWEB
- groups.google.com/forum/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.