Medium severity6.1NVD Advisory· Published Oct 30, 2024· Updated Jun 17, 2026
CVE-2024-10086
CVE-2024-10086
Description
A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/hashicorp/consulGo | >= 1.4.1, < 1.20.0 | 1.20.0 |
Affected products
30- osv-coords28 versionspkg:apk/chainguard/consul-1.19pkg:apk/chainguard/consul-1.20pkg:apk/chainguard/consul-1.20-oci-entrypointpkg:apk/chainguard/consul-1.20-oci-entrypoint-compatpkg:apk/chainguard/consul-1.21pkg:apk/chainguard/consul-1.21-oci-entrypointpkg:apk/chainguard/consul-1.21-oci-entrypoint-compatpkg:apk/chainguard/consul-1.22pkg:apk/chainguard/consul-1.22-oci-entrypointpkg:apk/chainguard/consul-1.22-oci-entrypoint-compatpkg:apk/chainguard/consul-fips-1.19pkg:apk/chainguard/consul-fips-1.20pkg:apk/chainguard/consul-fips-1.20-oci-entrypointpkg:apk/chainguard/consul-fips-1.20-oci-entrypoint-compatpkg:apk/chainguard/consul-fips-1.21pkg:apk/chainguard/consul-fips-1.21-oci-entrypointpkg:apk/chainguard/consul-fips-1.21-oci-entrypoint-compatpkg:apk/chainguard/consul-fips-1.22pkg:apk/chainguard/consul-fips-1.22-oci-entrypointpkg:apk/chainguard/consul-fips-1.22-oci-entrypoint-compatpkg:bitnami/consulpkg:golang/github.com/hashicorp/consulpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweedpkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Package%20Hub%2012
< 1.19.2-r47+ 27 more
- (no CPE)range: < 1.19.2-r47
- (no CPE)range: < 1.20.6-r11
- (no CPE)range: < 1.20.6-r11
- (no CPE)range: < 1.20.6-r11
- (no CPE)range: < 1.21.5-r6
- (no CPE)range: < 1.21.5-r6
- (no CPE)range: < 1.21.5-r6
- (no CPE)range: < 1.22.1-r2
- (no CPE)range: < 1.22.1-r2
- (no CPE)range: < 1.22.1-r2
- (no CPE)range: < 1.19.2-r47
- (no CPE)range: < 1.20.6-r10
- (no CPE)range: < 1.20.6-r10
- (no CPE)range: < 1.20.6-r10
- (no CPE)range: < 1.21.5-r6
- (no CPE)range: < 1.21.5-r6
- (no CPE)range: < 1.21.5-r6
- (no CPE)range: < 1.22.2-r1
- (no CPE)range: < 1.22.2-r1
- (no CPE)range: < 1.22.2-r1
- (no CPE)range: >= 1.4.1, < 1.20.0
- (no CPE)range: >= 1.4.1, < 1.20.0
- (no CPE)range: < 0.0.20241104T154416-150000.1.12.1
- (no CPE)range: < 0.0.20241104T154416-150000.1.12.1
- (no CPE)range: < 0.0.20241104T154416-1.1
- (no CPE)range: < 0.0.20241104T154416-150000.1.12.1
- (no CPE)range: < 0.0.20241104T154416-150000.1.12.1
- (no CPE)range: < 0.0.20241104T154416-5.1
- Range: 1.4.1
Patches
Vulnerability mechanics
References
6- discuss.hashicorp.com/t/hcsec-2024-24-consul-vulnerable-to-reflected-xss-on-content-type-error-manipulationnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-99wr-c2px-grmhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-10086ghsaADVISORY
- github.com/hashicorp/consul/commit/07fae7bb0be8593cc98c38b1ef4a49ed9188932fghsaWEB
- security.netapp.com/advisory/ntap-20250110-0006ghsaWEB
- security.netapp.com/advisory/ntap-20250110-0006/nvd
News mentions
0No linked articles in our index yet.