HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3.
References
Link | Resource |
---|---|
https://discuss.hashicorp.com | Vendor Advisory |
https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers/ | Vendor Advisory |
https://security.gentoo.org/glsa/202208-09 | |
https://security.netapp.com/advisory/ntap-20220331-0006/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo |
Information
Published : 2022-02-24 16:15
Updated : 2024-02-28 19:09
NVD link : CVE-2022-24687
Mitre link : CVE-2022-24687
CVE.ORG link : CVE-2022-24687
JSON object : View
Products Affected
hashicorp
- consul
CWE