CVE-2022-3920

Summary

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.

Affected Software

VendorProductVersion RangeStatus
HashiCorpConsul1.13.0affected
HashiCorpConsul1.13.1affected
HashiCorpConsul1.13.2affected
HashiCorpConsul1.13.3affected
HashiCorpConsul Enterprise1.13.0affected
HashiCorpConsul Enterprise1.13.1affected
HashiCorpConsul Enterprise1.13.2affected
HashiCorpConsul Enterprise1.13.3affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References