Lucene search

GoogleOSV:BIT-CONSUL-2023-5332

HistoryMar 06, 2024 - 10:50 a.m.

BIT-consul-2023-5332

2024-03-0610:50:58

Google

osv.dev

patch

third party library

consul

vendor

bypassed

gitlab-ee

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.3%

JSON

Patch in third party library Consul requires ‘enable-script-checks’ to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.

CPENameOperatorVersion
consullt1.2.4
consulle1.1.0
consullt0.9.4
consulge1.2.0
consullt1.0.8
consulge1.0.0
consulge1.1.0

Name	Operator	Version
consul	lt	1.2.4
consul	le	1.1.0
consul	lt	0.9.4
consul	ge	1.2.0
consul	lt	1.0.8
consul	ge	1.0.0
consul	ge	1.1.0

References

gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8171

www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.3%

JSON

Related for OSV:BIT-CONSUL-2023-5332