CVE-2023-1297
published 2023-06-02

Priority: P3, 35
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.77% (50.9th percentile)

Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with a service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5 and 1.15.3.

Affected

9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | consul | | |
| github.com | hashicorp_consul | >= 0 < 1.14.5 | 1.14.5 |
| github.com | hashicorp_consul | >= 1.15.0 < 1.15.3 | 1.15.3 |
| hashicorp | consul | >= 1.13.0 < 1.14.7 | 1.14.7 |
| hashicorp | consul | 1.14.0 – 1.14.5 | |
| hashicorp | consul | >= 1.15.0 < 1.15.3 | 1.15.3 |
| hashicorp | consul | 1.15.0 – 1.15.3 | |
| hashicorp | consul_enterprise | 1.14.0 – 1.14.5 | |
| hashicorp | consul_enterprise | 1.15.0 – 1.15.3 | |

CVSS provenance

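| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 4.9 | LOW | |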