VYPR
Moderate severityNVD Advisory· Published Sep 23, 2022· Updated May 27, 2025

CVE-2022-40716

CVE-2022-40716

Description

HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/hashicorp/consulGo
< 1.11.91.11.9
github.com/hashicorp/consulGo
>= 1.12.0, < 1.12.51.12.5
github.com/hashicorp/consulGo
>= 1.13.0, < 1.13.21.13.2

Affected products

29

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.