GHSA-wj6x-hcc2-f32j: Consul Server Panic when Ingress and API Gateways Configured with Peering Connections
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) in which an authenticated user with service:write permissions could trigger a workflow that causes Consul server and client agents to crash under certain circumstances. To exploit this vulnerability, an attacker requires access to an ACL token with service:write permissions, and there must be at least one running ingress or API gateway that is configured to route traffic to an upstream service.
- CVE-2023-0845
Moderate severity • GitHub Reviewed • Published Mar 9, 2023 to the GitHub Advisory Database • Updated Mar 16, 2023
Package: gomod github.com/hashicorp/consul (Go)
Affected versions: >= 1.14.0, < 1.14.5
Published by the National Vulnerability Database: Mar 9, 2023
Published to the GitHub Advisory Database: Mar 9, 2023
Last updated: Mar 16, 2023
Related news
Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.
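
A triage sketch for the two conditions the advisory names, the affected version range and ACL policies that grant service:write. This is an added example, not code from the advisory or from the Consul project. The function names `InAffectedRange` and `ServiceWriteGrants` are hypothetical, the policy scan is a regex simplification that assumes HCL rule syntax without comments, and the sample inputs are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// InAffectedRange reports whether a Consul version string is inside the
// advisory's affected range (>= 1.14.0, < 1.14.5). Assumption: only the
// numeric major.minor.patch core is compared; suffixes such as "+ent" or
// "-rc1" are ignored.
func InAffectedRange(version string) (bool, error) {
	var major, minor, patch int
	v := strings.TrimPrefix(strings.TrimSpace(version), "v")
	if _, err := fmt.Sscanf(v, "%d.%d.%d", &major, &minor, &patch); err != nil {
		return false, fmt.Errorf("cannot parse version %q: %w", version, err)
	}
	return major == 1 && minor == 14 && patch >= 0 && patch < 5, nil
}

// serviceWrite matches service / service_prefix rules that grant write in
// ACL policy HCL. Simplification: regex-based, HCL comments are not handled.
var serviceWrite = regexp.MustCompile(
	`\b(service(?:_prefix)?)\s+"([^"]*)"\s*\{[^}]*?policy\s*=\s*"write"`)

// ServiceWriteGrants returns the rules in a policy that grant service:write,
// the permission the advisory says is required to trigger the crash.
func ServiceWriteGrants(rules string) []string {
	var grants []string
	for _, m := range serviceWrite.FindAllStringSubmatch(rules, -1) {
		grants = append(grants, fmt.Sprintf("%s %q", m[1], m[2]))
	}
	return grants
}

func main() {
	// Constructed sample inputs, not taken from the advisory.
	policy := `
service_prefix "" { policy = "write" }
service "db" { policy = "read" }
node_prefix "" { policy = "read" }`
	for _, v := range []string{"1.14.4+ent", "1.14.5", "1.13.7"} {
		hit, err := InAffectedRange(v)
		fmt.Println(v, "affected:", hit, err)
	}
	fmt.Println("service:write grants:", ServiceWriteGrants(policy))
}
```

An agent in the affected range matters most where tokens carrying the listed grants exist and at least one ingress or API gateway routes to an upstream service.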