CVE-2022-3920
Consul Peering Imported Nodes/Services Leak
Severity: 7.5 HIGH (CVSS 3.1), EPSS 0.37%
Description
HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster peering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.
How to fix CVE-2022-3920
To remediate CVE-2022-3920, upgrade the affected package to a fixed version below.
- Bitnami/consul—upgrade to 1.13.4 or later
- —upgrade to 1.14.0 or later
- —upgrade to 1.14.0 or later
Is CVE-2022-3920 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- >= 1.13.0, < 1.13.4
- >= 1.13.0, < 1.14.0
- >= 1.13.0, < 1.14.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |