CVE-2022-3920

Missing Authorization in go/github.com/hashicorp/consul/acl

Identifiers

CVE-2022-3920

Package Slug

go/github.com/hashicorp/consul/acl

Vulnerability

Missing Authorization

Description

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.

Affected Versions

All versions starting from 1.13.0 up to 1.13.3

Solution

Upgrade to version 1.14.0 or above.

Last Modified

2022-11-21

source