Fix GHSL-2025-037: Add Consul ACL authentication to prevent RCE #248

Open

artsploit wants to merge 1 commit into meta-soul:main from artsploit:fix-ghsl-2025-037

@artsploit

  • Enable Consul ACL with token-based authentication
  • Use CONSUL_INITIAL_MANAGEMENT_TOKEN environment variable (default: CHANGE-ME-IN-PRODUCTION)
  • Configure Spring Cloud Consul client to use ACL token
  • All unauthorized Consul API requests now blocked with 403
  • Prevents RCE via SpEL injection through unprotected Consul instance

Changes:

  • docker-compose.yml: Enable ACL in Consul with inline HCL configuration
  • bootstrap.yml: Add acl-token configuration for Spring Cloud Consul client
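
A sketch of what the two changes listed above can look like, added here as an illustration and not taken from the pull request's diff. The service name, image tag, agent flags, host and port are assumptions, and unlike the default named in the description this variant makes compose refuse to start when `CONSUL_INITIAL_MANAGEMENT_TOKEN` is unset:

```yaml
# docker-compose.yml (illustrative; service name, image tag and agent flags are assumptions)
services:
  consul:
    image: hashicorp/consul:1.15
    command:
      - agent
      - -server
      - -bootstrap-expect=1
      - -client=0.0.0.0
      - -hcl
      # Inline HCL: turn ACLs on and deny anything that presents no valid token.
      # ":?" makes compose abort when the variable is unset, so the stack never
      # starts with a well-known placeholder as its management token.
      - |
        acl {
          enabled        = true
          default_policy = "deny"
          tokens {
            initial_management = "${CONSUL_INITIAL_MANAGEMENT_TOKEN:?set a unique secret}"
          }
        }
---
# bootstrap.yml (illustrative; host and port are assumptions)
spring:
  cloud:
    consul:
      host: consul
      port: 8500
      config:
        # Token sent when the client reads configuration from the KV store.
        acl-token: ${CONSUL_INITIAL_MANAGEMENT_TOKEN}
      discovery:
        # Token sent for service registration and catalog queries.
        acl-token: ${CONSUL_INITIAL_MANAGEMENT_TOKEN}
```

The management token grants full control of the Consul cluster, so a token scoped to the keys and services the application actually uses is the narrower choice for the client side.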
