Описание
HashiCorp Consul Template could reveal Vault secret contents in error messages
In HashiCorp Consul Template through version 0.29.1, invalid templates could inadvertently reveal the contents of Vault secret in errors returned by the *template.Template.Execute 5 method, when given a template using Vault secret contents incorrectly. This method has been updated to redact Vault secrets when creating an error string, making it safe to log the error.. This issue was fixed in version 0.29.2.
Ссылки
Пакеты
github.com/hashicorp/consul-template
< 0.27.3
0.27.3
github.com/hashicorp/consul-template
>= 0.28.0, < 0.28.3
0.28.3
github.com/hashicorp/consul-template
>= 0.29.0, < 0.29.2
0.29.2
Связанные уязвимости
HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the *template.Template.Execute method, when given a template using Vault secret contents incorrectly. Fixed in 0.27.3, 0.28.3, and 0.29.2.
HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the *template.Template.Execute method, when given a template using Vault secret contents incorrectly. Fixed in 0.27.3, 0.28.3, and 0.29.2.