Unfiltered Cluster Filtering in HashiCorp Consul and Consul Enterprise

Unfiltered Cluster Filtering in HashiCorp Consul and Consul Enterprise

CVE-2022-3920 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.

Learn more about our Web Application Penetration Testing UK.