Lucene search
GitHub Advisory DatabaseGHSA-9RHF-Q362-77MXHistoryAug 09, 2023 - 6:30 p.m.
Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers
2023-08-0918:30:52
CWE-266
CWE-285
GitHub Advisory Database
github.com
14
consul
vulnerability
access
mismatched service identity
jwt provider
cve-2023-3518
fixed
1.16.0
1.16.1
CVSS3
7.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
AI Score
7.4
Confidence
High
EPSS
0.001
Percentile
31.1%
A vulnerability was identified in Consul such that using JWT authentication for service mesh incorrectly allows/denies access regardless of service identities. This vulnerability, CVE-2023-3518, affects Consul 1.16.0 and was fixed in 1.16.1.
Affected configurations
Node
hashicorpconsulMatch1.16.0
Related
nvd
nvd
CVE-2023-3518
2023-08-09 16:15:09
debiancve
debiancve
CVE-2023-3518
2023-08-09 16:15:09
cgr
cgr
CVE-2023-3518 vulnerabilities
2024-05-19 03:07:16
osv
osv
CVE-2023-3518
2023-08-09 16:15:09
cve
cve
CVE-2023-3518
2023-08-09 16:15:09
prion
prion
Design/Logic Flaw
2023-08-09 16:15:00
cvelist
cvelist
wolfi
wolfi
CVE-2023-3518 vulnerabilities
2024-09-27 09:13:12
CVSS3
7.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
AI Score
7.4
Confidence
High
EPSS
0.001
Percentile
31.1%
Related for GHSA-9RHF-Q362-77MX