CVE-2023-0845
MEDIUMConsul 1.14.0-1.14.5 - Authenticated Denial of Service via Ingress and API Gateway Configuration
Title source: llmDescription
Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.
References (4)
Core 4
Core References
Issue Tracking, Vendor Advisory
https://discuss.hashicorp.com/t/hcsec-2023-06-consul-server-panic-when-ingress-and-api-gateways-configured-with-peering-connections/51197
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
Scores
CVSS v3
4.9
EPSS
0.0039
EPSS Percentile
60.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-476
Status
published
Products (2)
hashicorp/consul
< 1.14.5
hashicorp/consul
1.14.0 - 1.14.5Go
Published
Mar 09, 2023
Tracked Since
Feb 18, 2026