CVE-2022-3920

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions HashiCorp Consul and Consul Enterprise versions 1.13.0 through 1.13.3

Description The issue concerns a lack of filtering for cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. This affects HashiCorp Consul and Consul Enterprise. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For versions 1.13.0 through 1.13.3, update to version 1.14.0 to resolve the issue. As a temporary workaround, consider restricting access to the UI's HTTP or RPC endpoints until the update is applied.

Fix

Missing Authorization

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862CWE-200

Related Identifiers

BDU:2025-08592

BIT-CONSUL-2022-3920

CVE-2022-3920

GHSA-GW2G-HHC9-WGJH

GO-2022-1121

MGASA-2023-0009

Affected Products

Hashicorp Consul Enterprise

Hashicorp Consul

Red Os

CVE-2022-3920

Weakness Enumeration

Related Identifiers

Affected Products

References · 24