CGA-3939-99j6-mfj7

Published

Last updated

https://images.chainguard.dev/security/CGA-3939-99j6-mfj7

Package

consul-1.15

Latest Update

Fixed

Fixed Version

1.15.5-r0

Aliases

CVE-2022-3920
GHSA-gw2g-hhc9-wgjh

Severity

7.5

High

CVSS V3

Summary

Missing Authorization in HashiCorp Consul

Description

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-3920
https://github.com/advisories/GHSA-gw2g-hhc9-wgjh
https://github.com/hashicorp/consul/commit/706866fa0016b0aa302679f9c648859050d19b2e
https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-3939-99j6-mfj7

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources