CVE-2023-3114
- EPSS 0.16%
- Published 22.06.2023 22:15:09
- Last modified 21.11.2024 08:16:29
Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a ...
CVE-2022-25374
- EPSS 0.32%
- Published 25.02.2022 13:15:08
- Last modified 21.11.2024 06:52:06
HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. Fixed in v202202-1.
CVE-2021-40862
- EPSS 0.51%
- Published 15.09.2021 19:15:10
- Last modified 21.11.2024 06:24:57
HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixe...
CVE-2021-3153
- EPSS 0.14%
- Published 26.03.2021 03:16:40
- Last modified 21.11.2024 06:21:00
HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor authentication enabled. Fixed in v202103-1.
CVE-2020-15511
- EPSS 0.24%
- Published 30.07.2020 14:15:12
- Last modified 21.11.2024 05:05:40
HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1.