Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-1297

Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3

Published

2023-06-02T23:15:09.293

Last Modified

2024-11-21T07:38:52.020

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-826
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hashicorp	consul	< 1.14.7	Yes
Application	hashicorp	consul	< 1.14.7	Yes
Application	hashicorp	consul	< 1.15.3	Yes
Application	hashicorp	consul	< 1.15.3	Yes

References

https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515 Vendor Advisory ([email protected])
https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)