Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-0845

Опубликовано: 09 мар. 2023
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.

A flaw was found in the HashiCorp Consul. This flaw allows an authenticated user with service:write permissions to trigger a workflow that causes the Consul server and client agents to crash under certain circumstances.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Logging Subsystem for Red Hat OpenShiftopenshift-logging/logging-loki-rhel8Not affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/acm-grafana-rhel8Not affected
Red Hat OpenShift Container Platform 4openshift4/ose-grafanaNot affected
Red Hat OpenShift Container Platform 4openshift4/topology-aware-lifecycle-manager-rhel8-operatorNot affected
Red Hat Openshift Data Foundation 4odf4/odf-multicluster-rhel9-operatorAffected
Red Hat Openshift Data Foundation 4odf4/odr-rhel8-operatorAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2177595hashicorp/consul: Consul Server Panic when Ingress and API Gateways Configured with Peering Connections

EPSS

Процентиль: 56%
0.00336
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-0845

CVSS3: 4.9
ubuntu
почти 3 года назад

Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.

nvd логотип

CVE-2023-0845

CVSS3: 4.9
nvd
почти 3 года назад

Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.

debian логотип

CVE-2023-0845

CVSS3: 4.9
debian
почти 3 года назад

Consul and Consul Enterprise allowed an authenticated user with servic ...

github логотип

GHSA-wj6x-hcc2-f32j

CVSS3: 6.5
github
почти 3 года назад

Consul Server Panic when Ingress and API Gateways Configured with Peering Connections

fstec логотип

BDU:2023-01973

CVSS3: 6.5
fstec
почти 3 года назад

Уязвимость инструмента настройки сервисов Consul и Consul Enterprise, связанная с ошибками разыменования указателей, позволяющая нарушителю вызвать аварийное завершение работы приложения

EPSS

Процентиль: 56%
0.00336
Низкий

6.5 Medium

CVSS3