CVE-2022-3920

HIGH7.5EPSS 0.41%

Consul Peering Imported Nodes/Services Leak

發布日:2022/11/16修改日:2025/5/20

也稱為:GHSA-gw2g-hhc9-wgjhBIT-consul-2022-3920GO-2022-1121

描述

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.

受影響套件(3)

Bitnami/consul>= 1.13.0, < 1.13.4
Go/github.com/hashicorp/consul>= 1.13.0, < 1.14.0
Go/github.com/hashicorp/consul>= 1.13.0, < 1.14.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

參考連結(4)

ADVISORYhttps://github.com/advisories/GHSA-gw2g-hhc9-wgjh
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-3920
WEBhttps://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946
WEBhttps://github.com/hashicorp/consul/commit/706866fa0016b0aa302679f9c648859050d19b2e