MEDIUM🇬🇧 English

CVE-2023-1297

CVSS 4.9v3.1pub. 2023-06-02upd. 2024-11-21

Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • Hashicorp Consul

    APP
    Hashicorp
    1.13.0 – 1.14.7 (bez)1.15.0 – 1.15.3 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2024-10006HIGH8.3ten sam produkt

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffi...

CVE-2024-10005HIGH8.1ten sam produkt

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traf...

CVE-2023-3518HIGH7.4ten sam produkt

HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies a...

CVE-2023-2816HIGH8.7ten sam produkt

Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configure...

CVE-2021-41803HIGH7.1ten sam produkt

HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names pri...

CVE-2023-1297 — MEDIUM 4.9 | CVEbaza.pl