Given the above conditions, an attacker can register a check on a remote agent with a maliciouspayload. By design, script checks allow arbitrary code execution, so allowing serviceregistrationwith checks enabled via an exposed API presents an RCE (remote code execution) threat. Consul's early des...
Given the above conditions, an attacker can register a check on a remote agent with a malicious payload. By design, script checks allow arbitrary code execution, so allowing service registration with checks enabled via an exposed API presents an RCE (remote code execution) threat. Consul's early...