CVE-2022-3920

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-3920

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3920.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-3920

Aliases

Related

Published

2022-11-16T00:15:09Z

Modified

2025-02-14T05:02:07Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.

References

https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946

Affected packages

Git / github.com/hashicorp/consul

Affected ranges

Type: GIT
Repo: https://github.com/hashicorp/consul
Events: Introduced

8c2372092a8683dd40221372597d3efed0c84e2b

Last affected

b29e5894f2322c9294b1f03c9b264ae2e6ae0eb0