CVE-2022-3920
go/github.com/hashicorp/consul/acl
Missing Authorization
HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.
All versions starting from 1.13.0 up to 1.13.3
Upgrade to version 1.14.0 or above.
2022-11-21
source |