20 matches found
CVE-2026-5061
The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...
BIT-CONSUL-2026-5061 Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack
The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...
EUVD-2026-29483
The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...
CVE-2026-5061
The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...
Security Bulletin: Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack
Summary The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0. Vulnerability Details CVEID:CVE-2026-5061 DESCRIPTION:...
CVE-2026-5061 Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack
The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...
CVE-2026-5061
The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...
CVE-2026-5061
The affected software is consul-template. Before version 0.42.0, the library’s file template helper is vulnerable to a sandbox path bypass that may allow reading an out-of-sandbox file. The underlying issue is a path bypass in the file template helper, enabling access outside the intended sandbox...
CVE-2026-5061 Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack
The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...
PT-2026-40036
Name of the Vulnerable Software and Affected Versions consul-template versions prior to 0.42.0 Description A sandbox path bypass exists in the file template helper, which may allow an attacker to read files located outside of the intended sandbox directory. Recommendations Update to version 0.42....
EUVD-2022-6511
Malicious code in bioql PyPI...
HashiCorp Consul Template could reveal Vault secret contents in error messages
In HashiCorp Consul Template through version 0.29.1, invalid templates could inadvertently reveal the contents of Vault secret in errors returned by the template.Template.Execute 5 method, when given a template using Vault secret contents incorrectly. This method has been updated to redact Vault...
CVE-2022-38149
HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the template.Template.Execute method, when given a template using Vault secret contents incorrectly. Fixed in 0.27.3, 0.28.3, and 0.29.2...
CVE-2022-38149
HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the template.Template.Execute method, when given a template using Vault secret contents incorrectly. Fixed in 0.27.3, 0.28.3, and 0.29.2...
CVE-2022-38149
HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the template.Template.Execute method, when given a template using Vault secret contents incorrectly. Fixed in 0.27.3, 0.28.3, and 0.29.2...
Design/Logic Flaw
HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the template.Template.Execute method, when given a template using Vault secret contents incorrectly. Fixed in 0.27.3, 0.28.3, and 0.29.2...
CVE-2022-38149
HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the template.Template.Execute method, when given a template using Vault secret contents incorrectly. Fixed in 0.27.3, 0.28.3, and 0.29.2...
CVE-2022-38149
HashiCorp Consul Template versions up to 0.27.2, 0.28.2, and 0.29.1 could expose Vault secret contents in error text produced by Template.Execute when processing certain templates. The issue, tracked as CVE-2022-38149, has been fixed in 0.27.3, 0.28.3, and 0.29.2. No other products or components ...
PT-2022-24241 · Hashicorp · Hashicorp Consul Template
Name of the Vulnerable Software and Affected Versions: HashiCorp Consul Template versions 0.27.2 and earlier, 0.28.2 and earlier, 0.29.1 and earlier Description: The issue concerns the potential exposure of Vault secrets in error messages returned by the template.Template.Execute method when a...
HashiCorp Consul 日志信息泄露漏洞
HashiCorp Consul is a suite of distributed, highly available data center-aware solutions from HashiCorp USA. The product is used to connect and configure applications across dynamically distributed infrastructures. A log information disclosure vulnerability exists in HashiCorp Consul Template...