CVE-2022-24687 — Vulnetix

CVE-2022-24687 PUBLISHED

HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3.

EPSS 0.66% · 71.4th percentile

Risk Scores

EPSS Score

0.66%

71.4th percentile

Affected Products

Vendor	Product	Versions
Bitnami	consul	1.8.0, 1.8.0, 1.11.0
Bitnami	consul	1.11.0, 1.8.0, 1.10.0

Timeline

Feb 24, 2022 CVE Published
Feb 25, 2022 EPSS Score
Apr 18, 2022 EPSS Score
Jun 9, 2022 EPSS Score
Jul 31, 2022 EPSS Score
Sep 21, 2022 EPSS Score
Nov 12, 2022 EPSS Score
Jan 3, 2023 EPSS Score
Feb 24, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 16, 2023 EPSS Score
Jun 7, 2023 EPSS Score

References

https://discuss.hashicorp.com url
https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers/ url
https://security.gentoo.org/glsa/202208-09 url
https://security.netapp.com/advisory/ntap-20220331-0006/ url
https://nvd.nist.gov/vuln/detail/CVE-2022-24687 url

Open in Interactive Console →