Consul Cluster Peering can Result in Denial of Service

CVE-2023-1297
7.5 HIGH

Key Information

Vendor
HashiCorp
Status
Consul
Consul Enterprise
CVE Published: 2 June 2023

Summary

The cluster peering implementation in Consul and Consul Enterprise contained a flaw whereby a peer cluster with a service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5 and 1.15.3.

Affected Version(s)

Consul <= 1.14.5

Consul <= 1.15.3

Consul Enterprise <= 1.14.5

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database