Vulnerability Description
Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.
CVSS Score
4.9 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hashicorp | Consul | < 1.14.5 |
Related Weaknesses (CWE)
References
- https://discuss.hashicorp.com/t/hcsec-2023-06-consul-server-panic-when-ingress-a (Issue Tracking, Vendor Advisory)
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://lists.fedoraproject.org/archives/list/[email protected]
- https://lists.fedoraproject.org/archives/list/[email protected]
FAQ
What is CVE-2023-0845?
CVE-2023-0845 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This v...
How severe is CVE-2023-0845?
CVE-2023-0845 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-0845?
Check the references section above for vendor advisories and patch information. Affected products include: Hashicorp Consul.