High severityNVD Advisory· Published Nov 15, 2022· Updated Apr 29, 2025
Consul Peering Imported Nodes/Services Leak
CVE-2022-3920
Description
HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/hashicorp/consulGo | >= 1.13.0, < 1.14.0 | 1.14.0 |
Affected products
10- osv-coords8 versionspkg:apk/chainguard/consul-1.15pkg:apk/chainguard/consul-1.15-oci-entrypointpkg:apk/chainguard/consul-1.15-oci-entrypoint-compatpkg:apk/wolfi/consul-1.15pkg:apk/wolfi/consul-1.15-oci-entrypointpkg:apk/wolfi/consul-1.15-oci-entrypoint-compatpkg:bitnami/consulpkg:golang/github.com/hashicorp/consul
< 1.15.5-r0+ 7 more
- (no CPE)range: < 1.15.5-r0
- (no CPE)range: < 1.15.5-r0
- (no CPE)range: < 1.15.5-r0
- (no CPE)range: < 1.15.5-r0
- (no CPE)range: < 1.15.5-r0
- (no CPE)range: < 1.15.5-r0
- (no CPE)range: >= 1.13.0, < 1.13.4
- (no CPE)range: >= 1.13.0, < 1.14.0
- Range: 1.13.0
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-gw2g-hhc9-wgjhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-3920ghsaADVISORY
- discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946ghsaWEB
- github.com/hashicorp/consul/commit/706866fa0016b0aa302679f9c648859050d19b2eghsaWEB
News mentions
0No linked articles in our index yet.