CVE-2023-1297
Published: 02 June 2023
Summary
CVE-2023-1297 is a medium-severity Premature Release of Resource During Expected Lifetime (CWE-826) vulnerability in Hashicorp Consul. Its CVSS base score is 4.9 (Medium).
Operationally, ranked at the 49.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-1770
Vulnerability details
Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5,…
more
and 1.15.3
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.