CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-3518

HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.6%

CVSS Severity

CVSS v3 Score 7.4

References

https://discuss.hashicorp.com/t/hcsec-2023-25-consul-jwt-auth-in-l7-intentions-allow-for-mismatched-service-identity-and-jwt-providers/57004
https://discuss.hashicorp.com/t/hcsec-2023-25-consul-jwt-auth-in-l7-intentions-allow-for-mismatched-service-identity-and-jwt-providers/57004

Products affected by CVE-2023-3518

Hashicorp » Consul » Version: 1.16.0

cpe:2.3:a:hashicorp:consul:1.16.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-3518

Products

Pricing

Contact Us