Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-38149

HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the *template.Template.Execute method, when given a template using Vault secret contents incorrectly. Fixed in 0.27.3, 0.28.3, and 0.29.2.

Published

2022-08-17T15:15:08.607

Last Modified

2024-11-21T07:15:53.740

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-532

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hashicorp	consul_template	< 0.29.2	Yes

References

https://discuss.hashicorp.com Vendor Advisory ([email protected])
https://discuss.hashicorp.com/t/hsec-2022-16-consul-template-may-expose-vault-secrets-when-processing-invalid-input/43215 Vendor Advisory ([email protected])
https://discuss.hashicorp.com Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://discuss.hashicorp.com/t/hsec-2022-16-consul-template-may-expose-vault-secrets-when-processing-invalid-input/43215 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)