luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

Merge pull request #12602 from hashicorp/jkirschner-hashicorp-patch-1 

docs: make gossip threat model more visible
This commit is contained in:
Jared Kirschner 2022-03-23 14:54:17 -04:00 committed by GitHub
parent 6553bf4a2a 31baed248d
commit a004eea0dd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
website/content/docs/security/security-models/core.mdx
View File

@ -407,7 +407,9 @@ The following are not part of the threat model for client agents:
configured identity, and extract information from Consul when ACLs are disabled.
- **DNS** - Malicious actors with access to a Consul agent DNS endpoint may be able to extract service catalog
information. Gossip - Malicious actors with access to a Consul agent Serf gossip endpoint may be able to impersonate
information.
- **Gossip** - Malicious actors with access to a Consul agent Serf gossip endpoint may be able to impersonate
agents within a datacenter. Gossip encryption should be enabled, with a regularly rotated gossip key.
- **Proxy (xDS)** - Malicious actors with access to a Consul agent xDS endpoint may be able to extract Envoy service