Lucene search

[email protected]CVE-2022-38149

HistoryAug 17, 2022 - 3:15 p.m.

CVE-2022-38149

2022-08-1715:15:08

CWE-532

[email protected]

web.nvd.nist.gov

hashicorp

consul template

cve-2022-38149

security

nvd

vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.5%

JSON

HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the *template.Template.Execute method, when given a template using Vault secret contents incorrectly. Fixed in 0.27.3, 0.28.3, and 0.29.2.

Affected configurations

NVD

Node

hashicorpconsul_templateRange<0.29.2

CPENameOperatorVersion
hashicorp:consul_templatehashicorp consul templatelt0.29.2

CPE	Name	Operator	Version
hashicorp:consul_template	hashicorp consul template	lt	0.29.2

References

discuss.hashicorp.com

discuss.hashicorp.com/t/hsec-2022-16-consul-template-may-expose-vault-secrets-when-processing-invalid-input/43215

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.5%

JSON

Related for CVE-2022-38149

github1 osv3 prion1 cvelist1 redhatcve1 alpinelinux1 nvd1 redhat1