CVE-2024-10006

Improper Neutralization of HTTP Headers for Scripting Syntax (CWE-644)

Published: Oct 30, 2024 / Updated: 20d ago

CVSS 5.8 / EPSS 0.04% / Medium

Summary

A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using Headers in L7 traffic intentions could bypass HTTP header based access rules. This vulnerability is related to improper neutralization of HTTP headers for scripting syntax.

Impact

This vulnerability allows attackers to bypass HTTP header-based access rules in Consul and Consul Enterprise. The impact is rated as LOW for confidentiality, integrity, and availability. However, the overall base score is 8.3 (High severity) due to the network attack vector, low attack complexity, and the potential for the scope to change. This means that while the direct impact on the system might be limited, the vulnerability could be exploited to affect resources beyond its intended scope. The attack vector is network-based, requires no user interaction, and can be executed with low complexity, making it potentially attractive to attackers.

Exploitation

There is no evidence that a public proof-of-concept exists, and no evidence of exploitation at the moment.

Patch

As of October 31, 2024, patches have been made available. The vulnerability has been addressed in the GitHub Advisory (GHSA-5c4w-8hhh-3c3h) and a Red Hat Bugzilla entry (Bug ID: 2322858) has been created. While specific version information is not provided in the given data, it is recommended to check these sources for the latest patched versions of Consul and Consul Enterprise.

Mitigation

While specific mitigation steps are not provided in the given data, general recommendations for this type of vulnerability (CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax) typically include:

1. Updating to the latest patched version of Consul and Consul Enterprise as soon as possible.
2. Reviewing and strengthening HTTP header-based access rules.
3. Implementing additional network segmentation to limit potential attack vectors.
4. Monitoring for any suspicious activities related to L7 traffic intentions and HTTP header manipulation.
5. Considering the implementation of a Web Application Firewall (WAF) as an additional layer of protection.

Given the high severity score (CVSS 8.3) and the potential for scope change, patching this vulnerability should be treated as a high priority.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2024-10006.

Oct 30, 2024 at 9:22 PM / Security - HashiCorp Discuss
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 30, 2024 at 9:22 PM
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 30, 2024 at 9:26 PM
CVE Assignment

NVD published the first details for CVE-2024-10006

Oct 30, 2024 at 10:15 PM
CVSS

A CVSS base score of 8.3 has been assigned.

Oct 30, 2024 at 10:20 PM / nvd
Vendor Advisory

GitHub Advisories released a security advisory.

Oct 31, 2024 at 12:30 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.9%)

Oct 31, 2024 at 9:57 AM
Vendor Advisory

RedHat CVE advisory released a security advisory (CVE-2024-10006).

Oct 31, 2024 at 4:35 PM
CVSS

A CVSS base score of 8.3 has been assigned.

Oct 31, 2024 at 4:35 PM / redhat-cve-advisories

Affected Systems

Hashicorp/consul

Patches

Github Advisory

Attack Patterns

CAPEC-104: Cross Zone Scripting

Vendor Advisory

[GHSA-5c4w-8hhh-3c3h] Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability

GitHub Security Advisory: GHSA-5c4w-8hhh-3c3h
Release Date: 2024-10-31
Update Date: 2024-11-04
Severity: Moderate
CVE-2024-10006

Package Information
Package: github.com/hashicorp/consul
Affected Versions: >= 1.9.0
Patched Versions: 1.20.1

Description
A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.

References
https://nvd.nist.gov/vuln/detail/CVE-2024-10006
https://discuss.hashicorp.com/t/hcsec-2024-23-consul-l7-intentions-vulnerable-to-headers-bypass
hashicorp/consul#21816
hashicorp/consul@d9206fc
GHSA-5c4w-8hhh-3c3h

References

HCSEC-2024-23 - Consul L7 Intentions Vulnerable To Headers Bypass
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules. Headers are part of HTTP permissions configurable in the L7 intentions to control traffic based on matching one or more provided values.
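To show what such a header-based rule looks like, below is a constructed Consul service-intentions config entry, added here and not taken from the advisory or from HashiCorp, that lets the "web" service reach /admin on "api" only when a particular header is present and denies everything else from that source. The service names, path and header name are assumptions; rules of this shape are the header-based access rules the advisory says could be bypassed before the patched release, so they are what to inventory when planning the upgrade.

```hcl
# Constructed example: a deny-by-default L7 intention that allows the "web"
# service to reach /admin on "api" only when the request carries an
# X-Admin-Token header. Service, path and header names are assumptions.
Kind = "service-intentions"
Name = "api"
Sources = [
  {
    Name = "web"
    Permissions = [
      {
        Action = "allow"
        HTTP {
          PathPrefix = "/admin"
          Header = [
            {
              Name    = "X-Admin-Token"
              Present = true
            }
          ]
        }
      },
      {
        # Catch-all: any request from "web" not matched above is denied.
        Action = "deny"
        HTTP {
          PathPrefix = "/"
        }
      }
    ]
  }
]
```

Consul evaluates the Permissions list in order and stops at the first match, so the catch-all deny must stay last.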

News

SUSE SLES15 / openSUSE 15 Security Update : govulncheck-vulndb (SUSE-SU-2024:3950-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3950-1 advisory. The remote SUSE host is missing one or more security updates.
suse_linux SUSE-SU-2024:3950-1: SUSE SLES15 / openSUSE 15 : Security update for govulncheck-vulndb (Moderate) (SUSE-SU-2024:3950-1)
Development Last Updated: 11/9/2024 CVEs: CVE-2024-50052 , CVE-2024-10005 , CVE-2024-10452 , CVE-2024-0133 , CVE-2024-10086 , CVE-2024-46872 , CVE-2024-10006 , CVE-2024-0132 , CVE-2024-39720 , CVE-2024-50354 , CVE-2024-8185 , CVE-2024-47401
Security: Multiple problems in govulncheck-vulndb (SUSE)
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
Govulncheck-vulndb, QEmu, Ruby3.3-Rubygem-Actionmailer, Chromedriver, Python, Libheif, Chromium updates for SUSE
SUSE Linux has been updated with several security enhancements, including moderate updates for govulncheck-vulndb, qemu, ruby3.3-rubygem-actionmailer, chromedriver, python312, libheif, python311, and chromium: These are all security issues fixed in the ruby3.3-rubygem-actionmailer-7.0-7.0.8.6-1.1 package on the GA media of openSUSE Tumbleweed.
SUSE: 2024:3950-1 moderate: govulncheck-vulndb Security Advisory Updates
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP6

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: Low
Availability Impact: None
