CVE-2023-1297

Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*

History

12 Jun 2023, 16:10

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References (MISC) https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515 - (MISC) https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515 - Vendor Advisory
CPE cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*
First Time Hashicorp
Hashicorp consul
CWE NVD-CWE-noinfo

02 Jun 2023, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-02 23:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-1297

Mitre link : CVE-2023-1297

CVE.ORG link : CVE-2023-1297


JSON object : View

Products Affected

hashicorp

  • consul
CWE
NVD-CWE-noinfo CWE-826

Premature Release of Resource During Expected Lifetime