History: Jun 02, 2023 - 10:43 p.m.

CVE-2023-2816 Consul Envoy Extension Downstream Proxy Configuration By Upstream Service Owner

2023-06-02 22:43:34
CWE-266
HashiCorp
www.cve.org

Tags: consul, cve-2023-2816, envoy, proxy, configuration, vulnerability, service-write, permissions, remote, patch

CVSS3: 8.7
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

AI Score: 8.7
Confidence: High

EPSS: 0.001
Percentile: 17.6%

Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "64 bit",
      "32 bit",
      "x86",
      "ARM",
      "MacOS",
      "Windows",
      "Linux"
    ],
    "product": "Consul",
    "repo": "https://github.com/hashicorp/consul",
    "vendor": "HashiCorp",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.0"
      },
      {
        "status": "affected",
        "version": "1.15.1"
      },
      {
        "status": "affected",
        "version": "1.15.2"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "64 bit",
      "32 bit",
      "x86",
      "ARM",
      "MacOS",
      "Windows",
      "Linux"
    ],
    "product": "Consul Enterprise",
    "repo": "https://github.com/hashicorp/consul",
    "vendor": "HashiCorp",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.0"
      },
      {
        "status": "affected",
        "version": "1.15.1"
      },
      {
        "status": "affected",
        "version": "1.15.2"
      }
    ]
  }
]
