Описание
Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers
A vulnerability was identified in Consul such that using JWT authentication for service mesh incorrectly allows/denies access regardless of service identities. This vulnerability, CVE-2023-3518, affects Consul 1.16.0 and was fixed in 1.16.1.
Пакеты
Наименование
github.com/hashicorp/consul
go
Затронутые версииВерсия исправления
= 1.16.0
1.16.1
Связанные уязвимости
CVSS3: 7.4
nvd
больше 2 лет назад
HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.
CVSS3: 7.4
debian
больше 2 лет назад
HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for ...