PT-2023-9290 · Hashicorp+2 · Hashicorp Consul+3
Published: 2023-06-02 · Updated: 2024-08-20
CVE-2023-1297
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Consul versions prior to 1.14.5
Consul versions prior to 1.15.3
Consul Enterprise versions prior to 1.14.5
Consul Enterprise versions prior to 1.15.3
Description
The cluster peering implementation in Consul and Consul Enterprise contained a flaw that could allow a peer cluster with a service of the same name as a local service to corrupt Consul state, resulting in denial of service.
Recommendations
For Consul versions prior to 1.14.5, update to version 1.14.5 or later to resolve the issue.
For Consul versions prior to 1.15.3, update to version 1.15.3 or later to resolve the issue.
For Consul Enterprise versions prior to 1.14.5, update to version 1.14.5 or later to resolve the issue.
For Consul Enterprise versions prior to 1.15.3, update to version 1.15.3 or later to resolve the issue.
As a temporary workaround, consider restricting access to the cluster peering implementation until a patch is available.
Fix
DoS
Affected Products
Alt Linux
Hashicorp Consul
Hashicorp Consul Enterprise
Red Os