diff --git a/.changelog/2390.txt b/.changelog/2390.txt
new file mode 100644
index 0000000000..a4546bd781
--- /dev/null
+++ b/.changelog/2390.txt
@@ -0,0 +1,3 @@
+```release-note:security
+Update [Go-Discover](https://github.com/hashicorp/go-discover) in the container has been updated to address [CVE-2020-14040](https://github.com/advisories/GHSA-5rcv-m4m3-hfh7)
+```
diff --git a/control-plane/Dockerfile b/control-plane/Dockerfile
index 129344eade..844c487e49 100644
--- a/control-plane/Dockerfile
+++ b/control-plane/Dockerfile
@@ -14,7 +14,7 @@
 # go-discover builds the discover binary (which we don't currently publish
 # either).
 FROM golang:1.19.2-alpine as go-discover
-RUN CGO_ENABLED=0 go install github.com/hashicorp/go-discover/cmd/discover@49f60c093101c9c5f6b04d5b1c80164251a761a6
+RUN CGO_ENABLED=0 go install github.com/hashicorp/go-discover/cmd/discover@214571b6a5309addf3db7775f4ee8cf4d264fd5f
 
 # dev copies the binary from a local build
 # -----------------------------------