Headline
CVE-2023-0845: HCSEC-2023-06 - Consul Server Panic when Ingress and API Gateways Configured with Peering Connections
Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.
Loading
Related news
GHSA-wj6x-hcc2-f32j: Consul Server Panic when Ingress and API Gateways Configured with Peering Connections
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) an authenticated user with service:write permissions could trigger a workflow that causes Consul server and client agents to crash under certain circumstances. To exploit this vulnerability, an attacker requires access to an ACL token with service:write permissions, and there needs to be at least one running ingress or API gateway that is configured to route traffic to an upstream service.