
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability (CVE-2023-1297) was identified in the cluster peering implementation of HashiCorp Consul and Consul Enterprise: a peer cluster with a service sharing the same name as a local service could corrupt Consul state, resulting in denial of service. The vulnerability was discovered during internal testing and affected versions 1.13.0 through 1.14.0, and 1.15.0. The issue was resolved in Consul versions 1.14.5 and 1.15.3 (HashiCorp Discuss).
The vulnerability exists in Consul's cluster peering feature, which is designed to support peering connections between two or more independent clusters for service communication across different partitions or datacenters. The specific issue occurs when a local and imported service share the same name, and the service on the cluster peer is deleted, leading to state corruption in Consul (HashiCorp Discuss).
Successful exploitation of this vulnerability results in denial of service, affecting the availability of the Consul cluster. The corruption of Consul's state can disrupt service discovery and communication between services across peered clusters (HashiCorp Discuss).
Administrators should upgrade their Consul clusters to version 1.14.5, 1.15.3, or newer to address this vulnerability. It's worth noting that cluster peering was a beta feature in Consul 1.13.x, and the fix was only implemented in the 1.14.x and 1.15.x branches (HashiCorp Discuss).
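A triage sketch for the upgrade guidance above, added here as an example and not taken from HashiCorp or from this page. The inventory format, cluster names and function names are assumptions, and the version check conservatively flags any release from 1.13.0 onward that predates the fixed release of its branch.

```python
import re

# Fixed releases per branch, as stated in the advisory text above.
FIXED = {(1, 14): (1, 14, 5), (1, 15): (1, 15, 3)}
FIRST_AFFECTED = (1, 13, 0)  # cluster peering shipped as beta in 1.13.x

def parse_version(text):
    """Parse '1.14.3' or 'v1.15.0+ent' into an integer triple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Consul version: {text!r}")
    return tuple(int(p) for p in m.groups())

def needs_upgrade(version):
    """True if the release predates the fix for its branch (assumed conservative rule)."""
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return False          # older than the first affected release
    if v[:2] == (1, 13):
        return True           # the fix was not implemented on 1.13.x
    fixed = FIXED.get(v[:2])
    return fixed is not None and v < fixed

def colliding_services(local, imported_by_peer):
    """Map peer name -> local service names that the peer also exports."""
    hits = {peer: sorted(set(local) & set(names))
            for peer, names in imported_by_peer.items()}
    return {peer: names for peer, names in hits.items() if names}

def triage(cluster):
    unpatched = needs_upgrade(cluster["version"])
    collisions = colliding_services(cluster["local"], cluster["imported"])
    if not unpatched:
        return "patched", collisions
    if collisions:
        return "exposed", collisions   # unpatched and a same-name service is imported
    return ("upgrade" if cluster["imported"] else "upgrade-no-peering"), collisions

# Constructed inventory (hypothetical clusters and services).
INVENTORY = [
    {"name": "dc-east", "version": "1.15.0", "local": ["api", "billing"],
     "imported": {"dc-west": ["billing", "search"]}},
    {"name": "dc-west", "version": "1.15.3+ent", "local": ["billing", "search"],
     "imported": {"dc-east": ["billing"]}},
    {"name": "dc-lab", "version": "1.13.2", "local": ["api"], "imported": {}},
]

if __name__ == "__main__":
    for c in INVENTORY:
        print(c["name"], c["version"], *triage(c))
```

Clusters reported as "exposed" are the ones to upgrade first, since they already have the same-name local and imported service that the advisory describes.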
Source: This report was generated using AI