VYPR
High severityNVD Advisory· Published Aug 9, 2023· Updated Oct 8, 2024

JWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for Access

CVE-2023-3518

Description

HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/hashicorp/consulGo
>= 1.16.0, < 1.16.11.16.1

Affected products

10

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.