A vulnerability was identified in Consul and Consul Enterprise (“Consul”) an authenticated user with service:write permissions could trigger a workflow that causes Consul server and client agents to crash under certain circumstances. To exploit this vulnerability, an attacker requires access to an ACL token with service:write permissions, and there needs to be at least one running ingress or API gateway that is configured to route traffic to an upstream service.

Affected Packages

Go github.com/hashicorp/consul

Affected versions: 1.14.0 (fixed in 1.14.5)

Related CVEs

CVE-2023-0845

Key Information

GHSA ID

GHSA-wj6x-hcc2-f32j

Published

March 9, 2023 6:30 PM

Last Modified

September 20, 2023 5:41 PM

CVSS Score

5.0 /10

Primary Ecosystem

Primary Package

github.com/hashicorp/consul

GitHub Reviewed

✓ Yes

Dataset

Last updated: November 25, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.