Vulnerability Report: GO-2022-0980
- CVE-2022-38149, GHSA-8449-7gc2-pwrp
- Affects: github.com/hashicorp/consul-template
- Published: Sep 21, 2022
- Modified: Jun 12, 2023
The text of errors returned by Template.Execute can contain Vault secrets, potentially revealing these secrets in logs or error reports.
For detailed information about this vulnerability, visit https://discuss.hashicorp.com/t/hsec-2022-16-consul-template-may-expose-vault-secrets-when-processing-invalid-input/43215.
Affected Packages
-
PathVersionsSymbols
-
before v0.27.3, from v0.28.0 before v0.28.3, from v0.29.0 before v0.29.2
Aliases
References
- https://discuss.hashicorp.com/t/hsec-2022-16-consul-template-may-expose-vault-secrets-when-processing-invalid-input/43215
- https://github.com/hashicorp/consul-template/commit/d6a6f4af219c28e67d847ba0e0b2bea8f5bb9076
- https://vuln.go.dev/ID/GO-2022-0980.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.