CVE-2023-1297
Published 2023-06-02
Priority P3 · 35 · high · 7.5 CVSS 3.1
AV:N · AC:L · PR:N · UI:N · S:U · C:N · I:N · A:H
EPSS: 0.77% (50.9th percentile)
Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with a service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5 and 1.15.3.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | consul | — | — |
| github.com | hashicorp_consul | >= 0 < 1.14.5 | 1.14.5 |
| github.com | hashicorp_consul | >= 1.15.0 < 1.15.3 | 1.15.3 |
| hashicorp | consul | >= 1.13.0 < 1.14.7 | 1.14.7 |
| hashicorp | consul | 1.14.0 – 1.14.5 | — |
| hashicorp | consul | >= 1.15.0 < 1.15.3 | 1.15.3 |
| hashicorp | consul | 1.15.0 – 1.15.3 | — |
| hashicorp | consul_enterprise | 1.14.0 – 1.14.5 | — |
| hashicorp | consul_enterprise | 1.15.0 – 1.15.3 | — |
CVSS provenance
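| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 4.9 | LOW | — |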
Debian
vendor_debian·2023·CVSS 4.9
CVE-2023-1297 [MEDIUM] CVE-2023-1297: consul - Consul and Consul Enterprise's cluster peering implementation contained a flaw w...
Scope: local
bullseye: resolved
OSV
Hashicorp Consul vulnerable to denial of service in github.com/hashicorp/consul
osv·2024-08-20
OSV
Hashicorp Consul vulnerable to denial of service
osv·2023-06-03
CVE-2023-1297 [MEDIUM] Hashicorp Consul vulnerable to denial of service
GHSA
Hashicorp Consul vulnerable to denial of service
ghsa·2023-06-03
CVE-2023-1297 [MEDIUM] CWE-826 Hashicorp Consul vulnerable to denial of service
OSV
CVE-2023-1297: Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service
osv·2023-06-02·CVSS 7.5
CVE-2023-1297 [HIGH] CVE-2023-1297: Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.