CVE-2022-24687: 
Consul vulnerability analysis and mitigation

HashiCorp Consul and Consul Enterprise versions 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write permissions to register a specifically-defined service that can cause Consul servers to panic. This vulnerability was assigned CVE-2022-24687 and was fixed in versions 1.9.15, 1.10.8, and 1.11.3 (HashiCorp Advisory).

The vulnerability affects Consul clusters that have at least one ingress gateway configured. An ingress gateway is a type of proxy that enables connectivity within organizational networks from services outside the Consul service mesh to services in the mesh. The issue allows users with service:write permissions to register a specifically-crafted service definition that triggers a panic condition in the Consul server. The vulnerability has been assigned a CVSS v3.1 score of 7.5 HIGH (NVD).

When successfully exploited, this vulnerability can cause Consul servers to panic and shutdown, resulting in a denial of service condition. This can affect the availability of the Consul service mesh and impact the organization's service discovery and configuration management capabilities (HashiCorp Advisory).

Organizations should upgrade to Consul or Consul Enterprise versions 1.9.15, 1.10.8, 1.11.3, or newer to address this vulnerability. The upgrade process should follow the general guidance and version-specific upgrade notes provided in the Consul documentation (HashiCorp Advisory).