Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HHashicorp Consul
APPHashicorp1.13.0 – 1.14.7 (bez)1.15.0 – 1.15.3 (bez)
Related vulnerabilities
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffi...
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traf...
HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies a...
Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configure...
HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names pri...