HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.
Metrics
Affected Vendors & Products
References
History
Tue, 08 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 26 Sep 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-285 |
Thu, 26 Sep 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-266 |
MITRE
Status: PUBLISHED
Assigner: HashiCorp
Published: 2023-08-09T15:06:52.406Z
Updated: 2024-10-08T14:56:28.934Z
Reserved: 2023-07-05T21:02:24.890Z
Link: CVE-2023-3518
Vulnrichment
Updated: 2024-08-02T06:55:03.386Z
NVD
Status : Modified
Published: 2023-08-09T16:15:09.957
Modified: 2024-11-21T08:17:26.437
Link: CVE-2023-3518
Redhat
No data.