UBUNTU-CVE-2022-3920

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-3920

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-3920.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2022-3920

Upstream

CVE-2022-3920

Published

2022-11-16T00:15:00Z

Modified

2025-09-08T16:49:50Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.

References

Affected packages

Ubuntu:Pro:18.04:LTS / consul

Package

Name: consul
Purl: pkg:deb/ubuntu/consul@0.6.4~dfsg-3?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.6.4~dfsg-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "consul",
            "binary_version": "0.6.4~dfsg-3"
        },
        {
            "binary_name": "golang-github-hashicorp-consul-dev",
            "binary_version": "0.6.4~dfsg-3"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / consul

Package

Name: consul
Purl: pkg:deb/ubuntu/consul@1.5.2+dfsg2-14?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.7~dfsg1-5ubuntu1

1.4.4~dfsg1-2ubuntu2

1.5.2+dfsg1-6

1.5.2+dfsg1-10

1.5.2+dfsg1-12

1.5.2+dfsg2-14

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "consul",
            "binary_version": "1.5.2+dfsg2-14"
        },
        {
            "binary_name": "golang-github-hashicorp-consul-dev",
            "binary_version": "1.5.2+dfsg2-14"
        }
    ]
}

Ubuntu:22.04:LTS / consul

Package

Name: consul
Purl: pkg:deb/ubuntu/consul@1.8.7+dfsg1-3?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7.4+dfsg1-1

1.8.7+dfsg1-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "consul",
            "binary_version": "1.8.7+dfsg1-3"
        },
        {
            "binary_name": "golang-github-hashicorp-consul-dev",
            "binary_version": "1.8.7+dfsg1-3"
        }
    ]
}