CVE-2022-3920

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-3920

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3920.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-3920

Aliases

Downstream

UBUNTU-CVE-2022-3920

Related

Published

2022-11-16T00:15:09.747Z

Modified

2026-03-13T05:57:32.822527Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.

References

https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946

Affected packages

Git / github.com/hashicorp/consul

Affected ranges

Type

GIT

Repo

https://github.com/hashicorp/consul

Events

Introduced

8c2372092a8683dd40221372597d3efed0c84e2b

Last affected

b29e5894f2322c9294b1f03c9b264ae2e6ae0eb0

Introduced

8c2372092a8683dd40221372597d3efed0c84e2b

Last affected

b29e5894f2322c9294b1f03c9b264ae2e6ae0eb0

Database specific

{
    "versions": [
        {
            "introduced": "1.13.0"
        },
        {
            "last_affected": "1.13.3"
        },
        {
            "introduced": "1.13.0"
        },
        {
            "last_affected": "1.13.3"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3920.json"