CVE-2022-24687
Published 2022-02-24
CVE-2022-24687: HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to…
Priority: P4 · 34 · medium
CVSS 3.1: 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
EPSS: 1.37% (68.4th percentile)
HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | consul | — | — |
| github.com | hashicorp_consul | >= 1.10.0 < 1.10.8 | 1.10.8 |
| github.com | hashicorp_consul | >= 1.11.0 < 1.11.3 | 1.11.3 |
| github.com | hashicorp_consul | >= 1.8.0 < 1.9.15 | 1.9.15 |
| hashicorp | consul | >= 1.10.0 < 1.10.8 | 1.10.8 |
| hashicorp | consul | >= 1.11.0 < 1.11.3 | 1.11.3 |
| hashicorp | consul | >= 1.8.0 < 1.9.15 | 1.9.15 |
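CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:N/A:P |
| osv | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 6.5 | MEDIUM | — |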
OSV
HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul
osv·2024-08-21
CVE-2022-24687 HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers in github.com/hashicorp/consul
GHSA
HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers
ghsa·2022-02-25
CVE-2022-24687 [MEDIUM] CWE-400 HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers
HashiCorp Consul and Consul Enterprise 1.8.0 through 1.9.14, 1.10.7, and 1.11.2 have Uncontrolled Resource Consumption. Clusters with at least one ingress gateway configured may allow a user with `service:write` permission to register a specifically-defined service that can cause the Consul server to panic and shut down. Versions 1.9.15, 1.10.8, and 1.11.3 contain patches for the problem.
OSV
HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers
osv·2022-02-25
CVE-2022-24687 [MEDIUM] HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers
HashiCorp Consul and Consul Enterprise 1.8.0 through 1.9.14, 1.10.7, and 1.11.2 have Uncontrolled Resource Consumption. Clusters with at least one ingress gateway configured may allow a user with `service:write` permission to register a specifically-defined service that can cause the Consul server to panic and shut down. Versions 1.9.15, 1.10.8, and 1.11.3 contain patches for the problem.
OSV
CVE-2022-24687: HashiCorp Consul and Consul Enterprise 1
osv·2022-02-24·CVSS 6.5
CVE-2022-24687 [MEDIUM] CVE-2022-24687: HashiCorp Consul and Consul Enterprise 1
HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3.
Debian
CVE-2022-24687: consul - HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 ...
vendor_debian·2022·CVSS 6.5
CVE-2022-24687 [MEDIUM] CVE-2022-24687: consul - HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 ...
HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3.
Scope: local
bullseye: open
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://discuss.hashicorp.com
https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers/
https://security.gentoo.org/glsa/202208-09
https://security.netapp.com/advisory/ntap-20220331-0006/
Published: 2022-02-24