Security Advisory

CVE-2023-2816

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-06-02 22:43:34

Last updated 2024-10-07 20:12:01

Assigner HashiCorp

State PUBLISHED

Description

Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.

← Browse all CVEs View on cve.org ↗