luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

docs: make gossip threat model more visible

This commit is contained in:
Jared Kirschner 2022-03-23 11:46:56 -04:00 committed by GitHub
parent 807a399b97
commit 31baed248d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
website/content/docs/security/security-models/core.mdx
View File

@ -407,7 +407,9 @@ The following are not part of the threat model for client agents:
configured identity, and extract information from Consul when ACLs are disabled.
- **DNS** - Malicious actors with access to a Consul agent DNS endpoint may be able to extract service catalog
information. Gossip - Malicious actors with access to a Consul agent Serf gossip endpoint may be able to impersonate
information.
- **Gossip** - Malicious actors with access to a Consul agent Serf gossip endpoint may be able to impersonate
agents within a datacenter. Gossip encryption should be enabled, with a regularly rotated gossip key.
- **Proxy (xDS)** - Malicious actors with access to a Consul agent xDS endpoint may be able to extract Envoy service