Lucene search

CVE-2022-3920

🗓️ 16 Nov 2022 00:09:15Reported by HashiCorpType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 272 Views

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 vulnerabilit

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 28
OSV	Missing Authorization in HashiCorp Consul	16 Nov 202212:00	–	osv
OSV	CGA-3939-99J6-MFJ7	6 Jun 202412:21	–	osv
OSV	CVE-2022-3920	16 Nov 202200:15	–	osv
OSV	GO-2022-1121 Missing Authorization in HashiCorp Consul in github.com/hashicorp/consul	21 Aug 202416:03	–	osv
OSV	BIT-consul-2022-3920	6 Mar 202410:52	–	osv
Chainguard	CVE-2022-3920 vulnerabilities	16 Nov 202200:15	–	cgr
RedhatCVE	CVE-2022-3920	24 Nov 202213:56	–	redhatcve
Cvelist	CVE-2022-3920 Consul Peering Imported Nodes/Services Leak	15 Nov 202223:25	–	cvelist
Prion	Design/Logic Flaw	16 Nov 202200:15	–	prion
Github Security Blog	Missing Authorization in HashiCorp Consul	16 Nov 202212:00	–	github

Nvd

Node

hashicorp consulRange1.13.0–1.13.3-

hashicorp consulRange1.13.0–1.13.3enterprise

[
  {
    "vendor": "HashiCorp",
    "product": "Consul",
    "platforms": [
      "64 bit",
      "32 bit",
      "x86",
      "ARM",
      "MacOS",
      "Windows",
      "Linux"
    ],
    "repo": "https://github.com/hashicorp/consul",
    "versions": [
      {
        "status": "affected",
        "version": "1.13.0"
      },
      {
        "status": "affected",
        "version": "1.13.1"
      },
      {
        "status": "affected",
        "version": "1.13.2"
      },
      {
        "status": "affected",
        "version": "1.13.3"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "HashiCorp",
    "product": "Consul Enterprise",
    "platforms": [
      "64 bit",
      "32 bit",
      "x86",
      "ARM",
      "MacOS",
      "Windows",
      "Linux"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "1.13.0"
      },
      {
        "status": "affected",
        "version": "1.13.1"
      },
      {
        "status": "affected",
        "version": "1.13.2"
      },
      {
        "status": "affected",
        "version": "1.13.3"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
discuss	www.discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 Nov 2022 00:15Current

6.1Medium risk

Vulners AI Score6.1

CVSS35.3 - 7.5

EPSS0.00286

CWE-862