High severityNVD Advisory· Published Aug 9, 2023· Updated Oct 8, 2024
JWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for Access
CVE-2023-3518
Description
HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/hashicorp/consulGo | >= 1.16.0, < 1.16.1 | 1.16.1 |
Affected products
10- osv-coords8 versionspkg:apk/chainguard/consul-1.16pkg:apk/chainguard/consul-1.16-oci-entrypointpkg:apk/chainguard/consul-1.16-oci-entrypoint-compatpkg:apk/wolfi/consul-1.16pkg:apk/wolfi/consul-1.16-oci-entrypointpkg:apk/wolfi/consul-1.16-oci-entrypoint-compatpkg:bitnami/consulpkg:golang/github.com/hashicorp/consul
< 1.16.1-r0+ 7 more
- (no CPE)range: < 1.16.1-r0
- (no CPE)range: < 1.16.1-r0
- (no CPE)range: < 1.16.1-r0
- (no CPE)range: < 1.16.1-r0
- (no CPE)range: < 1.16.1-r0
- (no CPE)range: < 1.16.1-r0
- (no CPE)range: >= 1.16.0, < 1.16.1
- (no CPE)range: >= 1.16.0, < 1.16.1
- Range: 1.16.0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.