Vulnerabilities > CVE-2023-1297 - Unspecified vulnerability in Hashicorp Consul

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

hashicorp

NVD

Published: 2023-06-02

Updated: 2023-06-12

Summary

Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3

Vulnerable Configurations

Part	Description	Count
Application	Hashicorp Hashicorp Consul * Hashicorp Consul 1.13.0 Hashicorp Consul 1.13.1 Hashicorp Consul 1.13.2 Hashicorp Consul 1.13.3	9

References

https://discuss.hashicorp.com/t/hcsec-2023-15-consul-cluster-peering-can-result-in-denial-of-service/54515