A vulnerability was identified in Consul such that using JWT authentication for service mesh incorrectly allows/denies access regardless of service identities. This vulnerability, CVE-2023-3518, affects Consul 1.16.0 and was fixed in 1.16.1.

Affected Packages

Go github.com/hashicorp/consul

Affected versions: 1.16.0 (fixed in 1.16.1)

Related CVEs

CVE-2023-3518

Key Information

GHSA ID

GHSA-9rhf-q362-77mx

Published

August 9, 2023 6:30 PM

Last Modified

April 1, 2024 6:32 PM

CVSS Score

7.5 /10

Primary Ecosystem

Primary Package

github.com/hashicorp/consul

GitHub Reviewed

✓ Yes

Dataset

Last updated: November 25, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.