Consul DDoS via peer cluster state corruption, fixed in 1.14.5/1.15.3
CVE-2023-1297 Published on June 2, 2023
Consul Cluster Peering can Result in Denial of Service
Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3
Vulnerability Analysis
CVE-2023-1297 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Premature Release of Resource During Expected Lifetime
The program releases a resource that is still intended to be used by the program itself or another actor.
Products Associated with CVE-2023-1297
Want to know whenever a new CVE is published for HashiCorp Consul? stack.watch will email you.
Affected Versions
HashiCorp Consul:- Version 1.14.0, <= 1.14.5 is affected.
- Version 1.15.0, <= 1.15.3 is affected.
- Version 1.14.0, <= 1.14.5 is affected.
- Version 1.15.0, <= 1.15.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.