agollo 依赖的github.com/bketelsen/crypt 版本太低，存在 CWE-285/CWE-770/CWE-125/CWE-863/CWE-79安全漏洞

依赖的github.com/bketelsen/crypt 版本太低，存在 CWE-285/CWE-770/CWE-125/CWE-863/CWE-79安全漏洞

Open jiezinaxumi opened this issue 1 year ago • 0 comments

依赖的github.com/bketelsen/crypt 0.0.4 （depend github.com/hashicorp/consul/api v1.1.0）版本太低，存在 CWE-285/CWE-770/CWE-125/CWE-863/CWE-79安全漏洞。

HashiCorp Consul is vulnerable to privilege escalation due to the improper authorization of certificates that are being used for Raft requests. A remote attacker that has a non-server certificate that has been signed by the Consul certificate authority could access server-only Raft RPC functionality.

升级到 github.com/bketelsen/crypt 0.0.5（ depend github.com/hashicorp/consul/api v1.11.0）可以解决，已提PR ： https://github.com/shima-park/agollo/pull/81 ，请审核

Jul 14 '23 05:07 jiezinaxumi

agollo agollo copied to clipboard

依赖的github.com/bketelsen/crypt 版本太低，存在 CWE-285/CWE-770/CWE-125/CWE-863/CWE-79安全漏洞

agollo
agollo copied to clipboard