PT-2023-25190 · Hashicorp · Hashicorp Consul+1

Publicado

2023-08-09

Atualizado

2024-09-26

CVE-2023-3518

CVSS v3.1

7.4

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions HashiCorp Consul and Consul Enterprise version 1.16.0

Description A vulnerability was identified in Consul such that using JWT authentication for service mesh incorrectly allows or denies access regardless of service identities.

Recommendations For HashiCorp Consul and Consul Enterprise version 1.16.0, update to version 1.16.1 to resolve the issue. As a temporary workaround, consider disabling JWT Auth for service mesh until the update is applied.

Correção

Incorrect Privilege Assignment

Improper Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-266CWE-285

Identificadores relacionados

BIT-CONSUL-2023-3518

CVE-2023-3518

GHSA-9RHF-Q362-77MX

GO-2024-2704

Produtos afetados

Hashicorp Consul Enterprise

Hashicorp Consul

PT-2023-25190 · Hashicorp · Hashicorp Consul+1

CVE-2023-3518

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10