CVE-2022-38149 – consul: Consul Template May Expose Vault Secrets When Processing Invalid Input

https://notcve.org/view.php?id=CVE-2022-38149

HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the *template.Template.Execute method, when given a template using Vault secret contents incorrectly. Fixed in 0.27.3, 0.28.3, and 0.29.2. Las plantillas de HashiCorp Consul hasta la 0.27.2, 0.28.2 y 0.29.1 podían exponer el contenido de los secretos de la bóveda en el error devuelto por el método *template.Template.Execute, cuando se daba una plantilla que utilizaba incorrectamente el contenido de los secretos de la bóveda. Corregido en 0.27.3, 0.28.3 y 0.29.2 A vulnerability was found in the HashiCorp Consul Template. This issue may reveal the contents of a Vault secret when used with an invalid template. • https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hsec-2022-16-consul-template-may-expose-vault-secrets-when-processing-invalid-input/43215 https://access.redhat.com/security/cve/CVE-2022-38149 https://bugzilla.redhat.com/show_bug.cgi?id=2119551 • CWE-532: Insertion of Sensitive Information into Log File •