BIT-consul-2023-3518
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/consul/BIT-consul-2023-3518.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-consul-2023-3518
- Aliases
- Published
- 2024-03-06T10:51:07.390Z
- Modified
- 2025-05-20T10:02:07.006Z
- Summary
- JWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for Access
- Details
-
HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.
- Database specific
{ "cpes": [ "cpe:2.3:a:hashicorp:consul:1.16.0:*:*:*:enterprise:*:*:*", "cpe:2.3:a:hashicorp:consul:1.16.0:-:*:*:-:*:*:*", "cpe:2.3:a:hashicorp:consul:1.16.0:rc1:*:*:-:*:*:*", "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*", "cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*" ], "severity": "High" }- References
Affected packages
Bitnami / consul
Package
- Name
- consul
- Purl
- pkg:bitnami/consul
Severity
- 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator