status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
consul/website/pages
History
Freddy ff5215d882 Require operator:write to get Connect CA config (#9240) 
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.

--

This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
 		2020-11-23 06:27:20 -07:00
..
api-docs Require operator:write to get Connect CA config (#9240) 2020-11-23 06:27:20 -07:00
commands Add a CLI command for retrieving the autopilot configuration. (#9142) 2020-11-11 18:19:32 +00:00
community round 2 2020-09-15 12:01:47 -04:00
docs Docs for upgrading to CRDs (#9176) 2020-11-13 23:20:11 +00:00
downloads website: update callout to 1.9.0-beta3 2020-11-09 16:16:34 -05:00
home Add Using in Production Question (#8718) 2020-09-21 20:08:44 -04:00
intro docs: all intention documentation updates (#8869) 2020-10-14 10:23:05 -05:00
partials
security
use-cases Add files via upload 2020-10-13 15:16:34 -07:00
404.jsx
_app.js [Website] Add HashiStackMenu to website (#8854) 2020-10-09 10:48:21 -05:00
_document.js
_error.jsx
_temporary_button.css
index.jsx
print.css
style.css Expose `expirationDate` prop in <AlertBanner/> 2020-10-23 11:19:41 -04:00