CVE-2022-3920

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*
cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 07:20

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 5.3
References () https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946 - Vendor Advisory () https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946 - Vendor Advisory

Information

Published : 2022-11-16 00:15

Updated : 2024-11-21 07:20


NVD link : CVE-2022-3920

Mitre link : CVE-2022-3920

CVE.ORG link : CVE-2022-3920


JSON object : View

Products Affected

hashicorp

  • consul
CWE
CWE-862

Missing Authorization