High severityNVD Advisory· Published Jun 2, 2023· Updated Oct 7, 2024
Consul Envoy Extension Downsteam Proxy Configuration By Upstream Service Owner
CVE-2023-2816
Description
Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/hashicorp/consulGo | >= 1.15.0, < 1.15.3 | 1.15.3 |
Affected products
4- osv-coords2 versions
>= 1.15.0, < 1.15.3+ 1 more
- (no CPE)range: >= 1.15.0, < 1.15.3
- (no CPE)range: >= 1.15.0, < 1.15.3
- Range: 1.15.0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.