CVE-2023-0845

NULL Pointer Dereference in go/github.com/hashicorp/consul/acl

Identifiers

CVE-2023-0845

Package Slug

go/github.com/hashicorp/consul/acl

Vulnerability

NULL Pointer Dereference

Description

Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.

Affected Versions

All versions before 1.14.5

Solution

Upgrade to version 1.14.5 or above.

Last Modified

2023-03-16

source