Published: 24/02/2022 Updated: 08/08/2023

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

HashiCorp Consul and Consul Enterprise 1.9.0 up to and including 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hashicorp consul

Debian Bug report logs - #1006487 consul: CVE-2022-24687 Package: src:consul; Maintainer for src:consul is Debian Go Packaging Team <pkg-go-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 26 Feb 2022 09:48:02 UTC Severity: important Tags: security, upstream Foun ...

NVD-CWE-noinfo https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers/https://discuss.hashicorp.com https://security.netapp.com/advisory/ntap-20220331-0006/https://security.gentoo.org/glsa/202208-09 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006487 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-24687

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect