CVE-2022-29810

CVE-2022-29810

EPSS 0.4%

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc https://github.com/hashicorp/go-getter/pull/348 https://github.com/hashicorp/go-getter/releases/tag/v1.5.11