CVE-2022-24687

6.5MEDIUM

Key Information

Vendor: Hashicorp
Status: Consul
Vendor: CVE Published:; 24 February 2022

Summary

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Feb 24, 2022
Vulnerability Reserved.
Feb 9, 2022

Collectors

NVD DatabaseMitre Database