Improper access control in Consul Enterprise

#VU77106 Improper access control in Consul Enterprise

Cybersecurity Help s.r.o.

Published: 2023-06-08

Vulnerability identifier: #VU77106

Vulnerability risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2816

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Consul Enterprise
Server applications / Other server solutions

Vendor: HashiCorp

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in Lua extension. A remote user with service:write ACL permissions for an upstream service can modify Envoy proxy config for downstream services without equivalent permissions for those services.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Consul Enterprise: 1.15.0 - 1.15.2

External links
http://discuss.hashicorp.com/t/hcsec-2023-16-consul-envoy-extension-downstream-proxy-configuration-by-upstream-service-owner/54525
http://github.com/hashicorp/consul/issues/17415
http://github.com/hashicorp/consul/releases/tag/v1.15.3

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in HashiCorp consul