BIT-consul-2022-3920

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/consul/BIT-consul-2022-3920.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-consul-2022-3920

Aliases

Published

2024-03-06T10:52:02.181Z

Modified

2024-11-27T19:40:48.342Z

Summary

[none]

Details

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.

Database specific

{
    "cpes": [
        "cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*",
        "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*"
    ],
    "severity": "Medium"
}

References

https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946

Affected packages

Bitnami / consul

Package

Name: consul
Purl: pkg:bitnami/consul

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

1.13.0

Fixed

1.13.3