CVE-2022-3920 Consul and Consul Enterprise 1.13.0 to 1.13.3 do not filter out nodes and services that are used for the UI.

CVE-2022-3920 Consul and Consul Enterprise 1.13.0 to 1.13.3 do not filter out nodes and services that are used for the UI.

You can work around this issue by using static endpoints or interface aliases. You can also use Consul's filtering rules to whitelist specific endpoints or services. For more information, see the Consul documentation on filtering endpoints. HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI.

Fixed in 1.14.0. You can work around this issue by using static endpoints or interface aliases. You can also use Consul's filtering rules to whitelist specific endpoints or services. For more information, see the Consul documentation on filtering endpoints. HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI.

Fixed in 1.14.0. You can work around this issue by using static endpoints or interface aliases. You can also use Consul's filtering rules to whitelist specific endpoints or services. For more information, see the Consul documentation on filtering endpoints. HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI.

Fixed in 1.14.0. You can work

Consul Enterprise 1.14.0

Fixed in 1.14.0. You can work around this issue by using static endpoints or interface aliases. You can also use Consul's filtering rules to whitelist specific endpoints or services. For more information, see the Consul documentation on filtering endpoints. HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI.

Fixed in 1.14.0

What is this guide cover?

This guide covers the following topics:
- How to use the UI
- What it looks like when you start your project
- Walkthrough of how to create a service, inject variables, and configure services
- Using the UI as a Webhook receiver
- Using the UI as a Proxy server

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe