Vulnerabilities > CVE-2023-3518 - Unspecified vulnerability in Hashicorp Consul 1.16.0

CVSS 7.3 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

network

low complexity

hashicorp

NVD

Published: 2023-08-09

Updated: 2024-09-26

Summary

HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.

Vulnerable Configurations

Part	Description	Count
Application	Hashicorp Hashicorp Consul 1.16.0	3

References

https://discuss.hashicorp.com/t/hcsec-2023-25-consul-jwt-auth-in-l7-intentions-allow-for-mismatched-service-identity-and-jwt-providers/57004