{
  "threat_severity" : "Moderate",
  "public_date" : "2023-03-09T00:00:00Z",
  "bugzilla" : {
    "description" : "hashicorp/consul: Consul Server Panic when Ingress and API Gateways Configured with Peering Connections",
    "id" : "2177595",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2177595"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-476",
  "details" : [ "Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.", "A flaw was found in the HashiCorp Consul. This flaw allows an authenticated user with service:write permissions to trigger a workflow that causes the Consul server and client agents to crash under certain circumstances." ],
  "package_state" : [ {
    "product_name" : "Logging Subsystem for Red Hat OpenShift",
    "fix_state" : "Not affected",
    "package_name" : "openshift-logging/logging-loki-rhel8",
    "cpe" : "cpe:/a:redhat:logging:5"
  }, {
    "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2",
    "fix_state" : "Not affected",
    "package_name" : "rhacm2/acm-grafana-rhel8",
    "cpe" : "cpe:/a:redhat:acm:2"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "openshift4/ose-grafana",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "openshift4/topology-aware-lifecycle-manager-rhel8-operator",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Will not fix",
    "package_name" : "odf4/odf-multicluster-rhel9-operator",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Affected",
    "package_name" : "odf4/odr-rhel8-operator",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-0845\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0845\nhttps://discuss.hashicorp.com/t/hcsec-2023-06-consul-server-panic-when-ingress-and-api-gateways-configured-with-peering-connections/51197" ],
  "name" : "CVE-2023-0845",
  "csaw" : false
}