Lucene search

Redhat.comRH:CVE-2022-38149

HistoryAug 30, 2022 - 6:40 p.m.

CVE-2022-38149

2022-08-3018:40:01

redhat.com

access.redhat.com

hashicorp consul

vulnerability

reveals contents

vault secret

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.5%

JSON

A vulnerability was found in the HashiCorp Consul Template. This issue may reveal the contents of a Vault secret when used with an invalid template.

References

bugzilla.redhat.com/show_bug.cgi?id=2119551

discuss.hashicorp.com/t/hsec-2022-16-consul-template-may-expose-vault-secrets-when-processing-invalid-input/43215

nvd.nist.gov/vuln/detail/CVE-2022-38149

www.cve.org/CVERecord?id=CVE-2022-38149

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.5%

JSON

Related for RH:CVE-2022-38149