Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2023-2816

HistoryJun 02, 2023 - 11:15 p.m.

CVE-2023-2816

2023-06-0223:15:09

Debian Security Bug Tracker

security-tracker.debian.org

consul

consul enterprise

user permissions

vulnerability

envoy extensions

remote proxy

service-defaults

patching

unix

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

EPSS

0.001

Percentile

17.6%

JSON

Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.

OSVersionArchitecturePackageVersionFilename
Debian11allconsul< 1.8.7+dfsg1-2consul_1.8.7+dfsg1-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	all	consul	< 1.8.7+dfsg1-2	consul_1.8.7+dfsg1-2_all.deb

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

EPSS

0.001

Percentile

17.6%

JSON

Related for DEBIANCVE:CVE-2023-2816