CVE-2023-2816 — Incorrect Privilege Assignment in Hashicorp Consul

CWE-266 — Incorrect Privilege Assignment7 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 63.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Hashicorp Consul Hashicorp Consul Hashicorp Consul Enterprise +8 more

Timeline

PublishedJun 2

Latest updateAug 20

Description

Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages12 packages

▶CVEListV5hashicorp/consul_enterprise1.15.0, 1.15.1, 1.15.2+2

▶NVDhashicorp/consul1.15.0 — 1.15.3

▶Gogithub.com/hashicorp_consul1.15.0 — 1.15.3

▶debiandebian/consul

▶CVEListV5hashicorp/consul1.15.0, 1.15.1, 1.15.2+2

🔴Vulnerability Details

OSV

Hashicorp Consul allows user with service:write permissions to patch remote proxy instances in github.com/hashicorp/consul↗2024-08-20

▶

OSV

Hashicorp Consul allows user with service:write permissions to patch remote proxy instances↗2023-06-03

▶

GHSA

Hashicorp Consul allows user with service:write permissions to patch remote proxy instances↗2023-06-03

▶

OSV

CVE-2023-2816: Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote p↗2023-06-02

▶

📋Vendor Advisories

Microsoft

Consul Envoy Extension Downsteam Proxy Configuration By Upstream Service Owner↗2023-06-13

▶

Debian

CVE-2023-2816: consul - Consul and Consul Enterprise allowed any user with service:write permissions to ...↗2023

▶