.. / CVE-2022-29153

Exploit for HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery (CVE-2022-29153)

Description:

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11 are susceptible to server-side request forgery. When redirects are returned by HTTP health check endpoints, Consul follows these HTTP redirects by default. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

Nuclei Template

View the template here CVE-2022-29153.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-29153.yaml

References:

https://developer.hashicorp.com/consul/docs/discovery/checks
https://discuss.hashicorp.com
https://github.com/hashicorp/consul/pull/12685
https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
https://nvd.nist.gov/vuln/detail/CVE-2022-29153

.. / CVE-2022-29153 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery (CVE-2022-29153)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2022-29153