Описание
HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the *template.Template.Execute method, when given a template using Vault secret contents incorrectly. Fixed in 0.27.3, 0.28.3, and 0.29.2.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.29.2 (исключая)
cpe:2.3:a:hashicorp:consul_template:*:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00441
Низкий
7.5 High
CVSS3
Дефекты
CWE-532
Связанные уязвимости
CVSS3: 7.5
redhat
больше 3 лет назад
HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the *template.Template.Execute method, when given a template using Vault secret contents incorrectly. Fixed in 0.27.3, 0.28.3, and 0.29.2.
CVSS3: 7.5
github
больше 3 лет назад
HashiCorp Consul Template could reveal Vault secret contents in error messages
EPSS
Процентиль: 63%
0.00441
Низкий
7.5 High
CVSS3
Дефекты
CWE-532