Improper Access Control in HashiCorp Consul and Consul Enterprise 1.16.0 with JWT Auth

Improper Access Control in HashiCorp Consul and Consul Enterprise 1.16.0 with JWT Auth

CVE-2023-3518 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.

Learn more about our Web Application Penetration Testing UK.