CVE-2023-0845 MEDIUM

CVE-2023-0845: Consul Server Panic when Ingress and API Gateways Configured with Peering

Vendor HashiCorp
Product Consul
Weakness CWE-476
Published March 9, 2023
Last update February 28, 2025

CVSS base score

4.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity None
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.

Key dates

02 Disclosure timeline

March 9, 2023 CVE published
February 28, 2025 Record updated