PT-2023-25190 · Hashicorp · Hashicorp Consul+1

Published

2023-08-09

Updated

2024-09-26

CVE-2023-3518

CVSS v3.1

7.4

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions HashiCorp Consul and Consul Enterprise version 1.16.0

Description A vulnerability was identified in Consul such that using JWT authentication for service mesh incorrectly allows or denies access regardless of service identities.

Recommendations For HashiCorp Consul and Consul Enterprise version 1.16.0, update to version 1.16.1 to resolve the issue. As a temporary workaround, consider disabling JWT Auth for service mesh until the update is applied.

Fix

Incorrect Privilege Assignment

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-266CWE-285

Related Identifiers

BIT-CONSUL-2023-3518

CVE-2023-3518

GHSA-9RHF-Q362-77MX

GO-2024-2704

Affected Products

Hashicorp Consul Enterprise

Hashicorp Consul

PT-2023-25190 · Hashicorp · Hashicorp Consul+1

CVE-2023-3518

Weakness Enumeration

Related Identifiers

Affected Products

References · 10