MetaSpore icon indicating copy to clipboard operation
MetaSpore copied to clipboard
verified publisher icon meta-soul

Fix GHSL-2025-037: Add Consul ACL authentication to prevent RCE

Open artsploit opened this issue 3 months ago • 0 comments

  • Enable Consul ACL with token-based authentication
  • Use CONSUL_INITIAL_MANAGEMENT_TOKEN environment variable (default: CHANGE-ME-IN-PRODUCTION)
  • Configure Spring Cloud Consul client to use ACL token
  • All unauthorized Consul API requests now blocked with 403
  • Prevents RCE via SpEL injection through unprotected Consul instance

Changes:

  • docker-compose.yml: Enable ACL in Consul with inline HCL configuration
  • bootstrap.yml: Add acl-token configuration for Spring Cloud Consul client

artsploit avatar Nov 11 '25 12:11 artsploit