CVE-2022-38149: 
Linux Alpine vulnerability analysis and mitigation

HashiCorp Consul Template versions up to 0.27.2, 0.28.2, and 0.29.1 contained a vulnerability that could expose Vault secrets when processing invalid input. The vulnerability (CVE-2022-38149) was discovered in August 2022 and affects the template processing functionality when using Vault secret contents incorrectly (HashiCorp Advisory).

The vulnerability exists in the *template.Template.Execute method of Consul Template. When given a template using Vault secret contents incorrectly, the method could inadvertently reveal the contents of Vault secrets in the returned error messages. The vulnerability has a CVSS v3.1 base score of 7.5 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating it is network accessible, requires low attack complexity, and can result in high confidentiality impact (NVD).

The primary impact of this vulnerability is the potential exposure of sensitive Vault secrets through error messages when template processing fails. This could lead to unauthorized disclosure of confidential information stored in Vault (HashiCorp Advisory).

The vulnerability has been fixed in Consul Template versions 0.27.3, 0.28.3, and 0.29.2. The fix involves updating the *template.Template.Execute method to redact Vault secrets when creating error strings. Organizations should upgrade to these or newer versions to remediate the vulnerability (HashiCorp Advisory).