Source: consul X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerability was published for consul. CVE-2021-41803[0]: | HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not | properly validate the node or segment names prior to interpolation and | usage in JWT claim assertions with the auto config RPC. Fixed in | 1.11.9, 1.12.5, and 1.13.2." https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-41803 https://www.cve.org/CVERecord?id=CVE-2021-41803 Please adjust the affected versions in the BTS as needed.