GCVE - cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*

part: a version: * update: *

Vendor	Hashicorp (`dc524c16-6a01-528e-a41c-9d3e02e5e4a3`)
Product	Consul (`5323a3d1-770c-5792-8baa-0ccc723628c6`)
Edition	*
Language	*
Software edition	community
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/consul`	purl2cpe	2026-06-01 10:14:57.350122
`pkg:deb/ubuntu/consul`	purl2cpe	2026-06-01 10:14:57.350124
`pkg:github/hashicorp/consul`	purl2cpe	2026-06-01 10:14:57.350125

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-10086`	vulnerable	2026-06-03 14:54:04.869218	Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation MEDIUM (6.1) A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS. Published: 2024-10-30T21:21:46.559Z Updated: 2025-01-10T13:06:42.658Z Open on db.gcve.eu Reference links https://discuss.hashicorp.com/t/hcsec-2024-24-consul-vulnerable-to-reflected-xss-on-content-type-error-manipulation	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-10006`	vulnerable	2026-06-03 14:54:04.677585	Consul L7 Intentions Vulnerable To Headers Bypass HIGH (8.3) A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules. Published: 2024-10-30T21:20:37.011Z Updated: 2025-01-10T13:06:41.296Z Open on db.gcve.eu Reference links https://discuss.hashicorp.com/t/hcsec-2024-23-consul-l7-intentions-vulnerable-to-headers-bypass	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-10005`	vulnerable	2026-06-03 14:54:04.674615	Consul L7 Intentions Vulnerable To URL Path Bypass HIGH (8.1) A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules. Published: 2024-10-30T21:19:22.576Z Updated: 2025-01-10T13:06:39.935Z Open on db.gcve.eu Reference links https://discuss.hashicorp.com/t/hcsec-2024-22-consul-l7-intentions-vulnerable-to-url-path-bypass	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-8336`	vulnerable	2026-06-03 14:40:47.474894	Details available HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "<hidden>" as its secret is used in unusual circumstances. Published: 2019-03-05T23:00:00.000Z Updated: 2024-08-04T21:17:31.211Z Open on db.gcve.eu Reference links https://github.com/hashicorp/consul/issues/5423	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.