Medium severity5.3NVD Advisory· Published Nov 16, 2022· Updated Jun 17, 2026
CVE-2022-3920
CVE-2022-3920
Description
HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/hashicorp/consulGo | >= 1.13.0, < 1.14.0 | 1.14.0 |
Affected products
10- osv-coords8 versionspkg:apk/chainguard/consul-1.15pkg:apk/chainguard/consul-1.15-oci-entrypointpkg:apk/chainguard/consul-1.15-oci-entrypoint-compatpkg:apk/wolfi/consul-1.15pkg:apk/wolfi/consul-1.15-oci-entrypointpkg:apk/wolfi/consul-1.15-oci-entrypoint-compatpkg:bitnami/consulpkg:golang/github.com/hashicorp/consul
< 1.15.5-r0+ 7 more
- (no CPE)range: < 1.15.5-r0
- (no CPE)range: < 1.15.5-r0
- (no CPE)range: < 1.15.5-r0
- (no CPE)range: < 1.15.5-r0
- (no CPE)range: < 1.15.5-r0
- (no CPE)range: < 1.15.5-r0
- (no CPE)range: >= 1.13.0, < 1.13.4
- (no CPE)range: >= 1.13.0, < 1.14.0
- Range: 1.13.0
Patches
Vulnerability mechanics
References
4- discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-gw2g-hhc9-wgjhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-3920ghsaADVISORY
- github.com/hashicorp/consul/commit/706866fa0016b0aa302679f9c648859050d19b2eghsaWEB
News mentions
0No linked articles in our index yet.