Security Advisories

CGA-mj73-2rr9-gr45

Published

Last updated

https://images.chainguard.dev/security/CGA-mj73-2rr9-gr45

Package

consul-1.15

Latest Update

Fixed

Fixed Version

1.15.5-r0

Aliases
  • CVE-2023-0845
  • GHSA-wj6x-hcc2-f32j

Severity

6.5

Medium

CVSS V3

Summary

Consul Server Panic when Ingress and API Gateways Configured with Peering Connections

Description

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) in which an authenticated user with service:write permissions could trigger a workflow that causes Consul server and client agents to crash under certain circumstances. To exploit this vulnerability, an attacker requires access to an ACL token with service:write permissions, and there needs to be at least one running ingress or API gateway that is configured to route traffic to an upstream service.

References

Updates

