6 matches found
CVE-2025-10043
...
External Control of File Name or Path
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to External Control of File Name or Path due to the vault secret lookup not accounting for the Windows file...
CVE-2025-6203
A denial of service flaw has been discovered in Hashicorp's vault secret storage project. A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit, which results in excessive memory and CPU consumption of Vault. This may lead to a timeout...
CVE-2022-38149
A vulnerability was found in the HashiCorp Consul Template. This issue may reveal the contents of a Vault secret when used with an invalid template...
HashiCorp Consul Template could reveal Vault secret contents in error messages
In HashiCorp Consul Template through version 0.29.1, invalid templates could inadvertently reveal the contents of Vault secret in errors returned by the template.Template.Execute 5 method, when given a template using Vault secret contents incorrectly. This method has been updated to redact Vault...
GHSA-8449-7GC2-PWRP HashiCorp Consul Template could reveal Vault secret contents in error messages
In HashiCorp Consul Template through version 0.29.1, invalid templates could inadvertently reveal the contents of Vault secret in errors returned by the template.Template.Execute 5 method, when given a template using Vault secret contents incorrectly. This method has been updated to redact Vault...