mirror of https://github.com/status-im/consul.git
Merge pull request #12602 from hashicorp/jkirschner-hashicorp-patch-1
docs: make gossip threat model more visible
This commit is contained in:
commit
9db69653e4
|
@ -407,7 +407,9 @@ The following are not part of the threat model for client agents:
|
|||
configured identity, and extract information from Consul when ACLs are disabled.
|
||||
|
||||
- **DNS** - Malicious actors with access to a Consul agent DNS endpoint may be able to extract service catalog
|
||||
information. Gossip - Malicious actors with access to a Consul agent Serf gossip endpoint may be able to impersonate
|
||||
information.
|
||||
|
||||
- **Gossip** - Malicious actors with access to a Consul agent Serf gossip endpoint may be able to impersonate
|
||||
agents within a datacenter. Gossip encryption should be enabled, with a regularly rotated gossip key.
|
||||
|
||||
- **Proxy (xDS)** - Malicious actors with access to a Consul agent xDS endpoint may be able to extract Envoy service
|
||||
|
|
Loading…
Reference in New Issue