Arch Linux: Access restriction bypass (CVE-2021-36213)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Jul 17, 2021 | Jul 11, 2025 | Nov 27, 2025 |
Description
In HashiCorp Consul before version 1.9.8, xds can generate a situation where a single L7 deny intention (with a default deny policy) results in an allow action.
Solution
arch-linux-upgrade-latest
References
- CVE-2021-36213
- https://attackerkb.com/topics/CVE-2021-36213
- https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855
- https://github.com/hashicorp/consul/releases/tag/v1.10.1
- https://security.archlinux.org/ASA-202107-69
- https://security.gentoo.org/glsa/202208-09
- https://www.hashicorp.com/blog/category/consul