CVE-2023-3518

Description

HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.

Related CPE's

a hashicorp consul 1.16.0 rc1 **-***

a hashicorp consul 1.16.0 -**-***

a hashicorp consul 1.16.0 ***enterprise ***

References

https://discuss.hashicorp.com/t/hcsec-2023-25-consul-jwt-auth-in-l7-intentions-allow-for-mismatched-service-identity-and-jwt-providers/57004

Vendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io