Moderate severityNVD Advisory· Published Feb 24, 2022· Updated Aug 3, 2024
CVE-2022-24687
CVE-2022-24687
Description
HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/hashicorp/consulGo | >= 1.8.0, < 1.9.15 | 1.9.15 |
github.com/hashicorp/consulGo | >= 1.10.0, < 1.10.8 | 1.10.8 |
github.com/hashicorp/consulGo | >= 1.11.0, < 1.11.3 | 1.11.3 |
Affected products
3- osv-coords2 versions
>= 1.8.0, < 1.9.15+ 1 more
- (no CPE)range: >= 1.8.0, < 1.9.15
- (no CPE)range: >= 1.8.0, < 1.9.15
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-hj93-5fg3-3chrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-24687ghsaADVISORY
- security.gentoo.org/glsa/202208-09ghsavendor-advisoryx_refsource_GENTOOWEB
- discuss.hashicorp.comghsax_refsource_MISCWEB
- discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-serversghsaWEB
- discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers/mitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20220331-0006ghsaWEB
- security.netapp.com/advisory/ntap-20220331-0006/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.