Vulnerability Description
HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HashiCorp | Consul | >= 1.8.0, < 1.9.15 |
References
- https://discuss.hashicorp.com (Vendor Advisory)
- https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-s (Vendor Advisory)
- https://security.gentoo.org/glsa/202208-09
- https://security.netapp.com/advisory/ntap-20220331-0006/ (Third Party Advisory)
FAQ
What is CVE-2022-24687?
CVE-2022-24687 is a vulnerability with a CVSS score of 6.5 (MEDIUM). HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service th...
How severe is CVE-2022-24687?
CVE-2022-24687 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-24687?
Check the references section above for vendor advisories and patch information. Affected products include: HashiCorp Consul.