CVE-2022-3920

Source
https://cve.org/CVERecord?id=CVE-2022-3920
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3920.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-3920
Aliases
Downstream
Related
Published
2022-11-15T23:25:30.161Z
Modified
2026-07-08T06:04:03.541872081Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Consul Peering Imported Nodes/Services Leak
Details

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/3xxx/CVE-2022-3920.json",
    "cwe_ids": [
        "CWE-862"
    ],
    "cna_assigner": "HashiCorp"
}
References

Affected packages

Git / github.com/hashicorp/consul

Affected ranges

Type
GIT
Repo
https://github.com/hashicorp/consul
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": [
        "cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*",
        "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "1.13.0"
        },
        {
            "last_affected": "1.13.0"
        },
        {
            "introduced": "1.13.1"
        },
        {
            "last_affected": "1.13.1"
        },
        {
            "introduced": "1.13.2"
        },
        {
            "last_affected": "1.13.2"
        },
        {
            "introduced": "1.13.3"
        },
        {
            "last_affected": "1.13.3"
        }
    ]
}

Affected versions

1.*
1.13.0
1.13.1
1.13.2
1.13.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3920.json"