Unchecked Return Value
CVE-2022-40716
Summary
HashiCorp Consul and Consul Enterprise versions through 1.11.8, 1.12.x through 1.12.4 and 1.13.x through 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- LOW
- NONE
- NONE
CWE-252 - Unchecked Return Value
The software does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
References
Advisory Timeline
- Published