Overview
- Description
- A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.
- Source
- security@hashicorp.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Social media
- Hype score
- Not currently trending
🚨 CVE-2024-10086 (Published: 2024-10-30) - High severity alert for HashiCorp Consul! This vulnerability allows reflected XSS via content-type error manipulation. Affected versions: check your deployments! 🔒 Remediation: Update to the latest version as per guidance here:… https:
@transilienceai
1 Nov 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10086 (Published: 2024-10-30) - High severity alert for HashiCorp Consul! This vulnerability allows reflected XSS via content type error manipulation. Affects specific versions. 🔒 Remediation: Update to the latest version as per guidance. Stay secure! More info:… htt
@transilienceai
1 Nov 2024
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10086 A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided… https://t.co/cwggsHzhMV
@CVEnew
30 Oct 2024
132 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F9B18D72-3819-4927-AF49-239668B4719D",
"versionEndExcluding": "1.15.15",
"versionStartIncluding": "1.4.1"
},
{
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6471636F-7182-4F2D-B80E-25D46AE453F2",
"versionEndExcluding": "1.20.0",
"versionStartIncluding": "1.4.1"
},
{
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "36CDCEB8-8B22-4290-9071-81CE3F0F6B95",
"versionEndExcluding": "1.18.5",
"versionStartIncluding": "1.18.0"
},
{
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0AB043DB-FC48-4DE7-80BA-EC410ECD44F2",
"versionEndExcluding": "1.19.3",
"versionStartIncluding": "1.19.0"
}
],
"operator": "OR"
}
]
}
]