{"id":"CVE-2022-3920","details":"HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0.","aliases":["BIT-consul-2022-3920","GHSA-gw2g-hhc9-wgjh","GO-2022-1121"],"modified":"2026-04-16T04:32:06.354926275Z","published":"2022-11-16T00:15:09.747Z","related":["CGA-477v-ppmx-cwcq"],"references":[{"type":"ADVISORY","url":"https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hashicorp/consul","events":[{"introduced":"8c2372092a8683dd40221372597d3efed0c84e2b"},{"last_affected":"b29e5894f2322c9294b1f03c9b264ae2e6ae0eb0"},{"introduced":"8c2372092a8683dd40221372597d3efed0c84e2b"},{"last_affected":"b29e5894f2322c9294b1f03c9b264ae2e6ae0eb0"}],"database_specific":{"versions":[{"introduced":"1.13.0"},{"last_affected":"1.13.3"},{"introduced":"1.13.0"},{"last_affected":"1.13.3"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3920.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}