osv | Google | OSV:GHSA-9RHF-Q362-77MX
Aug 09, 2023 - 6:30 p.m.

Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers

2023-08-09 18:30:52
Google
osv.dev
Tags: consul, vulnerability, l7, intentions, jwt authentication, service mesh, identity, providers, cve-2023-3518, software security

CVSS3: 7.4

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

EPSS: 0.001
Percentile: 31.1%

A vulnerability was identified in Consul in which using JWT authentication for service mesh incorrectly allows or denies access regardless of service identities. This vulnerability, CVE-2023-3518, affects Consul 1.16.0 and was fixed in 1.16.1.
