github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #12602 from hashicorp/jkirschner-hashicorp-patch-1

Browse Source 
docs: make gossip threat model more visible
pull/12606/head
Jared Kirschner 3 years ago committed by GitHub
parent f1745c25c5 74b181018b
commit 9db69653e4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File

4
website/content/docs/security/security-models/core.mdx
Unescape View File

@ -407,7 +407,9 @@ The following are not part of the threat model for client agents:
configured identity, and extract information from Consul when ACLs are disabled.
- **DNS** - Malicious actors with access to a Consul agent DNS endpoint may be able to extract service catalog
information. Gossip - Malicious actors with access to a Consul agent Serf gossip endpoint may be able to impersonate
information.
- **Gossip** - Malicious actors with access to a Consul agent Serf gossip endpoint may be able to impersonate
agents within a datacenter. Gossip encryption should be enabled, with a regularly rotated gossip key.
- **Proxy (xDS)** - Malicious actors with access to a Consul agent xDS endpoint may be able to extract Envoy service

Write Preview
Loading…
Cancel
Save