Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.
History

Mon, 07 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 26 Sep 2024 19:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284

Thu, 26 Sep 2024 19:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:hashicorp:consul:1.15.0:*:*:*:-:*:*:*
cpe:2.3:a:hashicorp:consul:1.15.0:*:*:*:enterprise:*:*:*
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 26 Sep 2024 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-266

cve-icon MITRE

Status: PUBLISHED

Assigner: HashiCorp

Published: 2023-06-02T22:43:34.553Z

Updated: 2024-10-07T20:12:01.627Z

Reserved: 2023-05-19T18:11:06.618Z

Link: CVE-2023-2816

cve-icon Vulnrichment

Updated: 2024-08-02T06:33:05.672Z

cve-icon NVD

Status : Modified

Published: 2023-06-02T23:15:09.503

Modified: 2024-11-21T07:59:20.730

Link: CVE-2023-2816

cve-icon Redhat

No data.