CVE-2022-29810

CVE-2022-29810

EPSS 0.4%

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc https://github.com/hashicorp/go-getter/pull/348 https://github.com/hashicorp/go-getter/releases/tag/v1.5.11