ALT-PU-2023-1946-2

Package update consul in branch sisyphus

Version1.15.3-alt1

Published2026-02-04

Max severityHIGH

Severity:

Closed issues (5)

HIGH7.5

Уязвимость инструмента настройки сервисов Consul и Consul Enterprise, связанная с преждевременным высвобождением ресурсов в течение ожидаемого срока службы, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2024-08-07

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2023-1297

HIGH7.5

Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3

Published: 2023-06-02Modified: 2024-11-21

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

MEDIUM6.5

Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.

Published: 2023-06-02Modified: 2024-11-21

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

References

GHSA-c57c-7hrj-6q6v

MEDIUM4.9

Hashicorp Consul vulnerable to denial of service

Published: 2023-06-03Modified: 2023-06-06

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

GHSA-rqjq-ww83-wv5c

HIGH8.7

Hashicorp Consul allows user with service:write permissions to patch remote proxy instances

Published: 2023-06-03Modified: 2023-06-06

CVSS 3.xHIGH 8.7

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

References