CVE-2022-24687 – github.com/hashicorp/consul
Package
Manager: go
Name: github.com/hashicorp/consul
Vulnerable Version: >=1.8.0 <1.9.15 || >=1.10.0 <1.10.8 || >=1.11.0 <1.11.3
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00635 (percentile: 0.69487)
Details
HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers
HashiCorp Consul and Consul Enterprise 1.8.0 through 1.9.14, 1.10.7, and 1.11.2 have Uncontrolled Resource Consumption. Clusters with at least one ingress gateway configured may allow a user with `service:write` permission to register a specifically defined service that can cause the Consul server to panic and shut down. Versions 1.9.15, 1.10.8, and 1.11.3 contain patches for the problem.
Metadata
Created: 2022-02-25T00:01:01Z
Modified: 2022-08-18T19:07:23Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-hj93-5fg3-3chr/GHSA-hj93-5fg3-3chr.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-hj93-5fg3-3chr
Finding: F067
Auto approve: 1