CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-2816

Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.3%

CVSS Severity

CVSS v3 Score 8.7

References

https://discuss.hashicorp.com/t/hcsec-2023-16-consul-envoy-extension-downstream-proxy-configuration-by-upstream-service-owner/54525
https://discuss.hashicorp.com/t/hcsec-2023-16-consul-envoy-extension-downstream-proxy-configuration-by-upstream-service-owner/54525

Products affected by CVE-2023-2816

Hashicorp » Consul » Version: 1.15.0

cpe:2.3:a:hashicorp:consul:1.15.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-2816

Products

Pricing

Contact Us