id: CVE-2022-29153

info:
  name: HashiCorp Consul/Enterprise - Server Side Request Forgery
  author: c-sh0
  severity: high
  description: |
    HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Consul follows HTTP redirects by default. HTTP + Interval health check configuration now provides a disable_redirects option to prohibit this behavior.
  reference:
    - https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
    - https://github.com/hashicorp/consul/pull/12685
    - https://developer.hashicorp.com/consul/docs/discovery/checks
    - https://nvd.nist.gov/vuln/detail/CVE-2022-29153
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-29153
    cwe-id: CWE-918
  metadata:
    shodan-query: title:"Consul by HashiCorp"
    verified: "true"
  tags: cve,cve2022,consul,hashicorp,ssrf

requests:
  - raw:
      - |
        PUT /v1/agent/check/register HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {
          "id": "{{randstr}}",
          "name": "{{randstr}}",
          "method": "GET",
          "http": "/dev/null",
          "interval": "10s",
          "timeout": "1s",
          "disable_redirects": true
        }

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - unknown field "disable_redirects"

      - type: status
        status:
          - 400