CVE-2023-0845

Summary

Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.

Affected Software

VendorProductVersion RangeStatus
HashiCorpConsul1.14.0affected
HashiCorpConsul1.14.1affected
HashiCorpConsul1.14.2affected
HashiCorpConsul1.14.3affected
HashiCorpConsul1.14.4affected
HashiCorpConsul Enterprise1.14.0affected
HashiCorpConsul Enterprise1.14.1affected
HashiCorpConsul Enterprise1.14.2affected
HashiCorpConsul Enterprise1.14.3affected
HashiCorpConsul Enterprise1.14.4affected

Weaknesses

  • CWE-476: CWE-476: Null Pointer Dereference

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References