HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:20
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References | () https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946 - Vendor Advisory |
Information
Published : 2022-11-16 00:15
Updated : 2024-11-21 07:20
NVD link : CVE-2022-3920
Mitre link : CVE-2022-3920
CVE.ORG link : CVE-2022-3920
JSON object : View
Products Affected
hashicorp
- consul
CWE
CWE-862
Missing Authorization