Lucene search
GoogleOSV:GHSA-9RHF-Q362-77MXHistoryAug 09, 2023 - 6:30 p.m.
Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers
2023-08-0918:30:52
Google
osv.dev
5
consul
vulnerability
l7
intentions
jwt authentication
service mesh
identity
providers
cve-2023-3518
software security
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
0.0005 Low
EPSS
Percentile
17.0%
A vulnerability was identified in Consul such that using JWT authentication for service mesh incorrectly allows/denies access regardless of service identities. This vulnerability, CVE-2023-3518, affects Consul 1.16.0 and was fixed in 1.16.1.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/hashicorp/consul | eq | 1.16.0 |
Related
nvd
nvd
CVE-2023-3518
2023-08-09 16:15:09
osv
osv
Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers in github.com/hashicorp/consul
2024-06-04 15:19:21
BIT-consul-2023-3518
2024-03-06 10:51:07
CVE-2023-3518
2023-08-09 16:15:09
github
github
debiancve
debiancve
CVE-2023-3518
2023-08-09 16:15:09
cgr
cgr
CVE-2023-3518 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2023-3518
2023-08-09 16:15:09
prion
prion
Design/Logic Flaw
2023-08-09 16:15:00
cvelist
cvelist
wolfi
wolfi
CVE-2023-3518 vulnerabilities
2024-06-17 03:08:17
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
0.0005 Low
EPSS
Percentile
17.0%
Related for OSV:GHSA-9RHF-Q362-77MX