Vulnerability description
The HashiCorp Consul API is accessible without authentication when Consul is improperly secured, which exposes its endpoints to unauthorized access.
id: hashicorp-consul-unauth

info:
  name: Hashicorp Consul API Unauthenticated
  author: pussycat0x
  severity: medium
  description: |
    In HashiCorp Consul's API without authentication arises when Consul is improperly secured, exposing its endpoints to unauthorized access.
  reference:
    - https://www.acunetix.com/vulnerabilities/web/hashicorp-consul-api-is-accessible-without-authentication/
  metadata:
    verified: true
    max-request: 1
    shodan-query: product:"Consul"
  tags: hashicorp,consul,unauth,misconfig,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/v1/health/service/consul"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Node"
          - "Service"
          - "consul-network-segment"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100c4c57faf6b8b19423490d9cec2f89c48adccbce0561dbf6bdb7c1c094f3c781f02206c98e37f5cde8cffa9f24f4f8aebcfe5d019eb36a24bf4b14384beade4b15859:922c64590222798bb761d5b6d8e72950
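
The matcher logic above, as an added example for triaging responses from your own Consul agents; it is not part of the template or of any HashiCorp code. It runs the template's status-plus-words check beside a stricter structural check. The sample responses are constructed, and the empty-list and 403 bodies are assumptions about how an ACL-protected agent answers.

```python
import json

# Words the template's body matcher requires (condition: and).
TEMPLATE_WORDS = ("Node", "Service", "consul-network-segment")

def template_match(status, body):
    """Mirror of the template: status 200 and all three words in the body."""
    return status == 200 and all(w in body for w in TEMPLATE_WORDS)

def structured_match(status, body):
    """Stricter triage: the body must parse as a list of health entries."""
    if status != 200:
        return False
    try:
        entries = json.loads(body)
    except ValueError:
        return False
    if not isinstance(entries, list) or not entries:
        return False  # an empty list means nothing was disclosed
    for entry in entries:
        if not isinstance(entry, dict):
            return False
        node, svc = entry.get("Node"), entry.get("Service")
        if not isinstance(node, dict) or not isinstance(svc, dict):
            return False
        if "consul-network-segment" not in (node.get("Meta") or {}):
            return False
    return True

# Constructed sample responses (status, body); not captured from a real host.
SAMPLES = {
    "open_api": (200, json.dumps([{
        "Node": {"Node": "node-a", "Address": "192.0.2.10",
                 "Meta": {"consul-network-segment": ""}},
        "Service": {"ID": "consul", "Service": "consul", "Port": 8300},
        "Checks": []}])),
    "filtered_empty": (200, "[]"),          # assumed ACL-filtered answer
    "denied": (403, "Permission denied"),   # assumed ACL-denied answer
    "lookalike_page": (200, "<html>Node and Service docs: consul-network-segment</html>"),
}

def triage(samples=SAMPLES):
    """Return {name: (template_match, structured_match)} for each sample."""
    return {name: (template_match(s, b), structured_match(s, b))
            for name, (s, b) in samples.items()}

if __name__ == "__main__":
    for name, result in triage().items():
        print(name, result)
```

The `lookalike_page` sample satisfies the word matcher but not the structural check, which is the case to confirm by hand before treating a hit as an exposed agent.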