hashicorp/consul CVE-2021-32574

[sergiodj]

Security scanning revealed that telegraf may be affected by https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32574. This CVE affects HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0; telegraf uses:

github.com/hashicorp/consul/api v1.8.1

I'm not entirely sure whether the CVE affects the api component as well, but I thought I'd report the bug anyway. According to the CVE note, it has been fixed in hashicorp/consul version 1.8.14.

[srebhan]

Should we update to v1.8.1 or rather to v1.9.1 directly? @reimda what do you think?

[helenosheaa]

We are currently on hashicorp/consul/api v1.8.1, it's not clear if the CVEs from hashicorp/consul relates to the api component. I've put in a PR for us to move to v1.9.1.