CVE-2021-38698

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-38698
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-38698.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-38698
Aliases
Downstream
Related
Published
2021-09-07T12:15:07.930Z
Modified
2026-05-19T00:39:03.235678Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.

References

Affected packages

Git / github.com/hashicorp/consul

Affected ranges

Type
GIT
Repo
https://github.com/hashicorp/consul
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a4f67ec2bffec430e6677dc5a449e89b9b56aa13
Introduced
a417fe51040a33039d3282e31c6c6b6f4fd1f886
Fixed
b0906b5bb0b6df6149aa1645d331030f5e85be30
Introduced
27de64da7095570012e9f8f7aec16aaf66d2a773
Fixed
3cb6eeedbda90aad6b387b89917971086d6cf6b5
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.8.15"
        },
        {
            "introduced": "1.9.0"
        },
        {
            "fixed": "1.9.9"
        },
        {
            "introduced": "1.10.0"
        },
        {
            "fixed": "1.10.2"
        }
    ],
    "cpe": [
        "cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*",
        "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*"
    ],
    "source": "CPE_FIELD"
}

Affected versions

api/v1.*
api/v1.0.0
api/v1.0.1
api/v1.1.0
api/v1.2.0
api/v1.4.0
api/v1.7.0
api/v1.8.1
api/v1.9.1
internal/v0.*
internal/v0.1.0
sdk/v0.*
sdk/v0.1.0
sdk/v0.1.1
sdk/v0.2.0
sdk/v0.4.0
sdk/v0.6.0
v0.*
v0.1.0
v0.2.0
v0.2.1
v0.3.0
v0.3.1
v0.4.0
v0.4.1
v0.5.0
v0.5.0rc1
v0.5.1
v0.5.2
v0.6.0
v0.6.0-rc1
v0.6.0-rc2
v0.6.1
v0.6.3
v0.6.4
v0.6.4-rc3
v0.7.0
v0.7.0-rc1
v0.7.0-rc2
v0.7.1
v0.7.2
v0.7.2-rc1
v0.7.3
v0.7.4
v0.8.0
v0.8.0-rc1
v0.8.1
v0.8.2
v0.8.4
v0.8.5
v0.9.0
v0.9.0-rc1
v0.9.1
v0.9.2
v0.9.3
v0.9.3-rc1
v0.9.3-rc2
v1.*
v1.0.0
v1.0.0-beta1
v1.0.0-beta2
v1.0.1
v1.0.1-rc1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.1.0
v1.10.0-beta1
v1.10.0-beta2
v1.10.0-beta4
v1.10.0-rc
v1.10.0-rc2
v1.10.1
v1.10.1-beta1
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.4.0
v1.4.0-rc1
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.6.0
v1.6.1
v1.7.0
v1.7.0-beta1
v1.7.0-beta2
v1.7.0-beta3
v1.8.0-beta1
v1.8.0-beta2
v1.8.10
v1.8.11-beta2
v1.8.12
v1.8.13
v1.8.14
v1.8.3
v1.8.4
v1.8.7
v1.8.7-beta1
v1.8.9
v1.8.9-beta1
v1.9.1
v1.9.2
v1.9.4
v1.9.5
v1.9.6
v1.9.7
v1.9.8

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-38698.json"