CVE-2026-14468
- EPSS 0.3%
- Veröffentlicht 06.07.2026 20:59:47
- Zuletzt bearbeitet 07.07.2026 15:16:42
HashiCorp Terraform Enterprise contained an issue in its version control system (VCS) ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files...
CVE-2025-13432
- EPSS 0.16%
- Veröffentlicht 21.11.2025 14:20:53
- Zuletzt bearbeitet 10.12.2025 21:02:36
Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval p...
CVE-2023-3114
- EPSS 0.42%
- Veröffentlicht 22.06.2023 22:15:09
- Zuletzt bearbeitet 21.11.2024 08:16:29
Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a ...
CVE-2022-25374
- EPSS 0.95%
- Veröffentlicht 25.02.2022 13:15:08
- Zuletzt bearbeitet 21.11.2024 06:52:06
HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. Fixed in v202202-1.
CVE-2021-40862
- EPSS 0.97%
- Veröffentlicht 15.09.2021 19:15:10
- Zuletzt bearbeitet 21.11.2024 06:24:57
HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixe...
CVE-2021-3153
- EPSS 0.65%
- Veröffentlicht 26.03.2021 03:16:40
- Zuletzt bearbeitet 21.11.2024 06:21:00
HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor authentication enabled. Fixed in v202103-1.
CVE-2020-15511
- EPSS 0.85%
- Veröffentlicht 30.07.2020 14:15:12
- Zuletzt bearbeitet 21.11.2024 05:05:40
HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1.