Protecting Consul from RCE Risk in Specific Configurations

We’ve recently become aware of a set of malware targeting Consul nodes with a specific configuration which allows remote code execution. Members of our community also (responsibly) reported incidents caused by this malware, and worked with us to include a patch in a recent version of Consul that protects from this threat in the wild. This post details how this malware may affect users, depending on their configuration, as well as outlines the steps we’ve taken to backport a patch for versions 1.
Read more