Affected by GO-2023-1827 and 6 other vulnerabilities

GO-2023-1827: Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul

GO-2023-1828: Hashicorp Consul allows user with service:write permissions to patch remote proxy instances in github.com/hashicorp/consul

GO-2024-3241: Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in github.com/hashicorp/consul

GO-2024-3242: Hashicorp Consul Cross-site Scripting vulnerability in github.com/hashicorp/consul

GO-2024-3243: Hashicorp Consul Path Traversal vulnerability in github.com/hashicorp/consul

GO-2025-4081: Consul key/value endpoint is vulnerable to denial of service in github.com/hashicorp/consul

GO-2025-4082: Consul event endpoint is vulnerable to denial of service in github.com/hashicorp/consul

servercert

package

v1.15.2 Latest Latest Go to latest Published: Mar 30, 2023 License: MPL-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/hashicorp/consul

Links

Open Source Insights

Documentation ¶

Index ¶

type Cache
type CertManager
- func NewCertManager(deps Deps) *CertManager
- func (m *CertManager) Start(ctx context.Context) error
type Config
type Deps
type Store
type TLSConfigurator

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Cache ¶

type Cache interface {
	Notify(ctx context.Context, t string, r cache.Request, correlationID string, ch chan<- cache.UpdateEvent) error
}

Cache is an interface to represent the necessary methods of the agent/cache.Cache. It is used to request and renew the server leaf certificate.

type CertManager ¶

type CertManager struct {
	// contains filtered or unexported fields
}

CertManager is responsible for requesting and renewing the leaf cert for server agents. The server certificate is managed internally and used for peering control-plane traffic to the TLS-enabled external gRPC port.

func NewCertManager ¶

func NewCertManager(deps Deps) *CertManager

func (*CertManager) Start ¶

func (m *CertManager) Start(ctx context.Context) error

type Config ¶

type Config struct {
	// Datacenter is the datacenter name the server is configured with.
	Datacenter string

	// ACLsEnabled indicates whether the ACL system is enabled on this server.
	ACLsEnabled bool
}

type Deps ¶

type Deps struct {
	Config          Config
	Logger          hclog.Logger
	Cache           Cache
	GetStore        func() Store
	TLSConfigurator TLSConfigurator
	// contains filtered or unexported fields
}

type Store ¶

type Store interface {
	CAConfig(ws memdb.WatchSet) (uint64, *structs.CAConfiguration, error)
	SystemMetadataGet(ws memdb.WatchSet, key string) (uint64, *structs.SystemMetadataEntry, error)
	AbandonCh() <-chan struct{}
}

Store is an interface to represent the necessary methods of the state.Store. It is used to fetch the CA Config to getStore the trust domain in the TLSConfigurator.

type TLSConfigurator ¶

type TLSConfigurator interface {
	UpdateAutoTLSCert(pub, priv string) error
	UpdateAutoTLSPeeringServerName(name string)
}

TLSConfigurator is an interface to represent the necessary methods of the tlsutil.Configurator. It is used to apply the server leaf certificate and server name.

Source Files ¶

View all Source files

manager.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL