CVE-2023-0845
published 2023-03-09

Priority P433 | medium | 6.5 | CVSS 3.1
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.00% (58.6th percentile)
Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.

Affected

13 ranges
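| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | consul | | |
| github.com | hashicorp_consul | >= 1.14.0 < 1.14.5 | 1.14.5 |
| hashicorp | consul | < 1.14.5 | 1.14.5 |
| hashicorp | consul | | |
| hashicorp | consul | | |
| hashicorp | consul | | |
| hashicorp | consul | | |
| hashicorp | consul | | |
| hashicorp | consul_enterprise | | |
| hashicorp | consul_enterprise | | |
| hashicorp | consul_enterprise | | |
| hashicorp | consul_enterprise | | |
| hashicorp | consul_enterprise | | |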

CVSS provenance

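| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| osv | | 6.5 | MEDIUM | |
| vendor_debian | | 4.9 | LOW | |
| vendor_redhat | | 4.9 | MEDIUM | |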