consul/website/pages
Freddy fd5928fa4e
Require operator:write to get Connect CA config (#9240)
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.

--

This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-19 10:14:48 -07:00
..
api-docs Require operator:write to get Connect CA config (#9240) 2020-11-19 10:14:48 -07:00
commands Add a CLI command for retrieving the autopilot configuration. (#9142) 2020-11-11 13:19:02 -05:00
community round 2 2020-09-15 12:01:47 -04:00
docs Merge pull request #9091 from scellef/correct-upgrade-guide 2020-11-18 16:54:48 -08:00
downloads Merge pull request #9155 from hashicorp/release/1.9.0-beta3 2020-11-13 16:45:50 -05:00
home Add Using in Production Question (#8718) 2020-09-21 20:08:44 -04:00
intro [docs] Change links to the DNS information to the right place (#8675) 2020-11-17 10:03:00 -05:00
partials update deps, format all files 2020-07-08 19:12:34 -04:00
security
use-cases Add files via upload 2020-10-13 15:16:34 -07:00
404.jsx update dependencies 2020-05-21 14:50:45 -04:00
_app.js [Website] Add HashiStackMenu to website (#8854) 2020-10-09 10:48:21 -05:00
_document.js
_error.jsx update dependencies 2020-05-21 14:50:45 -04:00
_temporary_button.css
index.jsx Test Netlify build 2020-05-13 23:44:22 -07:00
print.css
style.css Expose `expirationDate` prop in <AlertBanner/> 2020-10-23 11:19:41 -04:00