ID CVE-2022-3920
Summary HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.
References
Vulnerable Configurations
  • cpe:2.3:a:hashicorp:consul:1.13.0:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:consul:1.13.0:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.13.1:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:consul:1.13.1:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.13.2:*:*:*:-:*:*:*
    cpe:2.3:a:hashicorp:consul:1.13.2:*:*:*:-:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.13.0:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:consul:1.13.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.13.1:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:consul:1.13.1:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:hashicorp:consul:1.13.2:*:*:*:enterprise:*:*:*
    cpe:2.3:a:hashicorp:consul:1.13.2:*:*:*:enterprise:*:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
VectorComplexityAuthentication
Impact
ConfidentialityIntegrityAvailability
Last major update 18-11-2022 - 20:21
Published 16-11-2022 - 00:15
Last modified 18-11-2022 - 20:21
Back to Top