We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-10086

Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation



AssignerHashiCorp
Reserved2024-10-17
Published2024-10-30
Updated2024-10-31

Description

A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.



MEDIUM: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Product status

Default status
unaffected

1.4.1 before 1.20.0
affected

Default status
unaffected

1.4.1 before 1.20.0
affected

References

https://discuss.hashicorp.com/t/hcsec-2024-24-consul-vulnerable-to-reflected-xss-on-content-type-error-manipulation

cve.org CVE-2024-10086

nvd.nist.gov CVE-2024-10086

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-10086
Subscribe to our newsletter to learn more about our work.