Merge pull request #12602 from hashicorp/jkirschner-hashicorp-patch-1

docs: make gossip threat model more visible
This commit is contained in:
Jared Kirschner 2022-03-23 14:54:17 -04:00 committed by GitHub
commit 9db69653e4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions

View File

@ -407,7 +407,9 @@ The following are not part of the threat model for client agents:
configured identity, and extract information from Consul when ACLs are disabled.
- **DNS** - Malicious actors with access to a Consul agent DNS endpoint may be able to extract service catalog
information. Gossip - Malicious actors with access to a Consul agent Serf gossip endpoint may be able to impersonate
information.
- **Gossip** - Malicious actors with access to a Consul agent Serf gossip endpoint may be able to impersonate
agents within a datacenter. Gossip encryption should be enabled, with a regularly rotated gossip key.
- **Proxy (xDS)** - Malicious actors with access to a Consul agent xDS endpoint may be able to extract Envoy service