Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2022-3920 |
CWE-ID | CWE-200 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Consul Enterprise Server applications / Other server solutions Consul Server applications / Other server solutions |
Vendor | HashiCorp |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU69422
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-3920
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the affected application does not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsConsul Enterprise: 1.13.0 - 1.13.3
Consul: 1.13.0 - 1.13.3
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.