GCVE - cpe:2.3:a:hashicorp:consul:1.13.1:*:*:*:-:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:hashicorp:consul:1.13.1:*:*:*:-:*:*:*

part: a version: 1.13.1 update: *

Vendor	Hashicorp (`dc524c16-6a01-528e-a41c-9d3e02e5e4a3`)
Product	Consul (`5323a3d1-770c-5792-8baa-0ccc723628c6`)
Edition	*
Language	*
Software edition	-
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/consul`	purl2cpe	2026-06-01 10:14:57.185544
`pkg:deb/ubuntu/consul`	purl2cpe	2026-06-01 10:14:57.185545
`pkg:github/hashicorp/consul`	purl2cpe	2026-06-01 10:14:57.185546

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-41803`	vulnerable	2026-06-03 14:45:26.251859	Details available HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2." Published: 2022-09-23T00:00:00.000Z Updated: 2025-05-27T15:22:09.400Z Open on db.gcve.eu Reference links https://www.hashicorp.com/blog/category/consul https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.