CVE-2023-2816

CVSS v3.1

8.7

High

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Consul and Consul Enterprise (affected versions not specified)

Description The issue allows any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-266

Related Identifiers

ALT-PU-2023-1946

AZL-27396

AZL-35303

BIT-CONSUL-2023-2816

CVE-2023-2816

GHSA-RQJQ-WW83-WV5C

GO-2023-1828

Affected Products

Alt Linux

Hashicorp Consul

Hashicorp Consul Enterprise

CVE-2023-2816

Weakness Enumeration

Related Identifiers

Affected Products

References · 15