GHSA-gw2g-hhc9-wgjh

Опубликовано: 16 нояб. 2022

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Missing Authorization in HashiCorp Consul

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.

Ссылки

Пакеты

Наименование

github.com/hashicorp/consul

Затронутые версииВерсия исправления

>= 1.13.0, < 1.14.0

1.14.0

EPSS

Процентиль: 42%

0.00201

Низкий

7.5 High

CVSS3

CVE ID

CVE-2022-3920

Дефекты

CWE-862

Связанные уязвимости

CVE-2022-3920

CVSS3: 5.3

ubuntu

почти 3 года назад

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.

CVE-2022-3920

CVSS3: 7.5

redhat

почти 3 года назад

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.

CVE-2022-3920

CVSS3: 5.3

nvd

почти 3 года назад

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.

CVE-2022-3920

CVSS3: 5.3

debian

почти 3 года назад

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filt ...

ROS-20250624-05

CVSS3: 7.5

redos

3 месяца назад

Множественные уязвимости consul

EPSS

Процентиль: 42%

0.00201

Низкий

7.5 High

CVSS3

CVE ID

CVE-2022-3920

Дефекты

CWE-862