CVE-2022-3920 – github.com/hashicorp/consul
Package
Manager: go
Name: github.com/hashicorp/consul
Vulnerable Version: >=1.13.0 <1.14.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00201 (percentile 0.42327)
Details
Missing Authorization in HashiCorp Consul
HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster peering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.
Metadata
Created: 2022-11-16T12:00:20Z
Modified: 2022-11-21T23:53:03Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-gw2g-hhc9-wgjh/GHSA-gw2g-hhc9-wgjh.json
CWE IDs: ["CWE-862"]
Alternative ID: GHSA-gw2g-hhc9-wgjh
Finding: F039
Auto approve: 1