VYPR
High severityNVD Advisory· Published Aug 17, 2022· Updated Aug 3, 2024

CVE-2022-38149

CVE-2022-38149

Description

HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the *template.Template.Execute method, when given a template using Vault secret contents incorrectly. Fixed in 0.27.3, 0.28.3, and 0.29.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/hashicorp/consul-templateGo
< 0.27.30.27.3
github.com/hashicorp/consul-templateGo
>= 0.28.0, < 0.28.30.28.3
github.com/hashicorp/consul-templateGo
>= 0.29.0, < 0.29.20.29.2

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.