Related Vulnerabilities: CVE-2020-28053  

Severity: Medium

Remote: Yes

Type: Privilege escalation

Description

HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA configuration, including the private key, when it was explicitly configured with the /v1/connect/ca/configuration endpoint. This lets such a user escalate privileges, because the key can be used to mint certificates for any Consul Connect service. They could then potentially masquerade (receive/send traffic) as any service in the mesh.
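An audit check for the condition described above, added here as an example (not code from the advisory or from Consul): it tests a version string against the affected range and inspects a captured /v1/connect/ca/configuration response body for PEM private key material. The sample bodies are constructed, and the `PrivateKey`/`RootCert` field names and the function names are assumptions.

```python
import json
import re

# Affected range as stated in the advisory: 1.2.0 up to 1.8.5.
AFFECTED_MIN, AFFECTED_MAX = (1, 2, 0), (1, 8, 5)
PEM_KEY = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")

# Constructed sample bodies for /v1/connect/ca/configuration (not real key material).
# The "PrivateKey"/"RootCert" field names are assumptions about the response layout.
SAMPLE_LEAKY = json.dumps({
    "Provider": "consul",
    "Config": {
        "LeafCertTTL": "72h",
        "PrivateKey": "-----BEGIN EC PRIVATE KEY-----\nCONSTRUCTED-PLACEHOLDER\n-----END EC PRIVATE KEY-----\n",
        "RootCert": "-----BEGIN CERTIFICATE-----\nCONSTRUCTED-PLACEHOLDER\n-----END CERTIFICATE-----\n",
    },
})
SAMPLE_CLEAN = json.dumps({"Provider": "consul", "Config": {"LeafCertTTL": "72h"}})


def parse_version(text):
    """Return (major, minor, patch) from '1.7.4-1', 'v1.8.5+ent', etc."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version_text):
    """Numeric comparison, so 1.10.0 is not mistaken for a release below 1.8.5."""
    return AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX


def exposed_key_fields(response_body):
    """Names of Config fields whose value contains a PEM private key header."""
    config = json.loads(response_body).get("Config") or {}
    return sorted(k for k, v in config.items()
                  if isinstance(v, str) and PEM_KEY.search(v))


def audit(version_text, response_body):
    """Combine the version check with inspection of a captured response."""
    fields = exposed_key_fields(response_body)
    affected = is_affected(version_text)
    finding = "key-exposed" if fields else ("affected-version" if affected else "ok")
    return {"affected": affected, "key_fields": fields, "finding": finding}


if __name__ == "__main__":
    print(audit("1.7.4-1", SAMPLE_LEAKY))
    print(audit("1.8.6", SAMPLE_CLEAN))
```

The response body is meant to be one captured with a token limited to operator:read, so that a `key-exposed` finding reflects what that permission level can see.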

Group: AVG-1294, Package: consul, Affected: 1.7.4-1, Severity: Medium, Status: Vulnerable

https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020
https://github.com/hashicorp/consul/issues/9240
https://github.com/hashicorp/consul/commit/fd5928fa4ef21f935f4331a422504eecb89d0af5