UBUNTU-CVE-2023-2816

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-2816

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-2816.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2023-2816

Upstream

CVE-2023-2816

Published

2023-06-02T23:15:00Z

Modified

2025-07-16T07:57:34.207551Z

Severity

8.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N CVSS Calculator
6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.

References

Affected packages

Ubuntu:Pro:18.04:LTS / consul

Package

Name: consul
Purl: pkg:deb/ubuntu/consul@0.6.4~dfsg-3?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.6.4~dfsg-3

Ubuntu:Pro:20.04:LTS / consul

Package

Name: consul
Purl: pkg:deb/ubuntu/consul@1.5.2+dfsg2-14?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.7~dfsg1-5ubuntu1

1.4.4~dfsg1-2ubuntu2

1.5.2+dfsg1-6

1.5.2+dfsg1-10

1.5.2+dfsg1-12

1.5.2+dfsg2-14

Ubuntu:22.04:LTS / consul

Package

Name: consul
Purl: pkg:deb/ubuntu/consul@1.8.7+dfsg1-3?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7.4+dfsg1-1

1.8.7+dfsg1-3