CVE-2022-3920 - HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's importe

CVE-2022-3920

Summary

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.

References

https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946

Vulnerable Configurations

cpe:2.3:a:hashicorp:consul:1.13.0:*:*:*:-:*:*:*
cpe:2.3:a:hashicorp:consul:1.13.0:*:*:*:-:*:*:*
cpe:2.3:a:hashicorp:consul:1.13.1:*:*:*:-:*:*:*
cpe:2.3:a:hashicorp:consul:1.13.1:*:*:*:-:*:*:*
cpe:2.3:a:hashicorp:consul:1.13.2:*:*:*:-:*:*:*
cpe:2.3:a:hashicorp:consul:1.13.2:*:*:*:-:*:*:*
cpe:2.3:a:hashicorp:consul:1.13.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:consul:1.13.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:consul:1.13.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:consul:1.13.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:consul:1.13.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:consul:1.13.2:*:*:*:enterprise:*:*:*

CVSS

Base:	None
Impact:
Exploitability:

CWE

CWE-862

CAPEC

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

18-11-2022 - 20:21

Published

16-11-2022 - 00:15

Last modified

18-11-2022 - 20:21