blob: 0e92d7d838e7d367eda2b3e5d2442ca9d8b10f20 [file] [log] [blame]
id: GO-2022-0980
modules:
- module: github.com/hashicorp/consul-template
versions:
- fixed: 0.27.3
- introduced: 0.28.0
- fixed: 0.28.3
- introduced: 0.29.0
- fixed: 0.29.2
vulnerable_at: 0.29.1
packages:
- package: github.com/hashicorp/consul-template/template
symbols:
- Template.Execute
summary: |-
Exposure of Vault secrets via error messages in
github.com/hashicorp/consul-template
description: |-
The text of errors returned by Template.Execute can contain Vault secrets,
potentially revealing these secrets in logs or error reports.
cves:
- CVE-2022-38149
ghsas:
- GHSA-8449-7gc2-pwrp
references:
- advisory: https://discuss.hashicorp.com/t/hsec-2022-16-consul-template-may-expose-vault-secrets-when-processing-invalid-input/43215
- fix: https://github.com/hashicorp/consul-template/commit/d6a6f4af219c28e67d847ba0e0b2bea8f5bb9076
review_status: REVIEWED