Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.
CPE | Name | Operator | Version |
---|---|---|---|
consul | eq | 1.2.1 | |
consul | eq | 0.7.4 | |
consul | eq | 0.8.0 | |
consul | eq | 1.4.3 | |
consul | eq | sdk/v0.2.0 | |
consul | eq | proto-public/v0.1.0 | |
consul | eq | 1.11.0-alpha | |
consul | eq | 1.5.0 | |
consul | eq | sdk/v0.12.0 | |
consul | eq | 1.7.0 |
discuss.hashicorp.com/t/hcsec-2023-06-consul-server-panic-when-ingress-and-api-gateways-configured-with-peering-connections/51197
lists.fedoraproject.org/archives/list/[email protected]/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
lists.fedoraproject.org/archives/list/[email protected]/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
lists.fedoraproject.org/archives/list/[email protected]/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/