Arch Linux: Certificate verification bypass (CVE-2021-32574)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Jul 17, 2021 | Jul 11, 2025 | Nov 27, 2025 |
Description
HashiCorp Consul before version 1.9.8 does not validate SSL certificates correctly: xds does not ensure that the Subject Alternative Name of an upstream is validated.
Solution
arch-linux-upgrade-latest
References
- CVE-2021-32574
- https://attackerkb.com/topics/CVE-2021-32574
- https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856
- https://github.com/hashicorp/consul/releases/tag/v1.10.1
- https://security.archlinux.org/ASA-202107-69
- https://security.gentoo.org/glsa/202208-09
- https://www.hashicorp.com/blog/category/consul
- CWE-295