Lucene search

HashiCorp Terraform Amazon Web Services (AWS) uses an insecure PRNG

🗓️ 14 May 2022 03:43:29Reported by GitHub Advisory DatabaseType

HashiCorp Terraform AWS insecure PRNG vulnerability in IAM user login profil

Reporter	Title	Published	Views	Family All 11
NVD	CVE-2018-9057	27 Mar 201818:29	–	nvd
Prion	Design/Logic Flaw	27 Mar 201818:29	–	prion
Cvelist	CVE-2018-9057	27 Mar 201818:00	–	cvelist
OSV	CGA-4FVW-86MV-QRV4	6 Jun 202412:22	–	osv
OSV	CVE-2018-9057	27 Mar 201818:29	–	osv
OSV	HashiCorp Terraform Amazon Web Services (AWS) uses an insecure PRNG	14 May 202203:29	–	osv
Veracode	Insecure Number Generator	28 Mar 201806:56	–	veracode
CVE	CVE-2018-9057	27 Mar 201818:29	–	cve
Tenable Nessus	CBL Mariner 2.0 Security Update: terraform (CVE-2018-9057)	20 Mar 202300:00	–	nessus
CBLMariner	CVE-2018-9057 affecting package terraform for versions less than 1.2.2-2	26 Jun 202203:29	–	cbl_mariner

Vulners

Node

hashicorp terraform\-provider\-awsRange<1.14.0

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-9057
github	www.github.com/terraform-providers/terraform-provider-aws/pull/3934
github	www.github.com/hashicorp/terraform-provider-aws/pull/3934
github	www.github.com/hashicorp/terraform-provider-aws/pull/3989
github	www.github.com/hashicorp/terraform-provider-aws/commit/efa8cd45c6484ff70b2a515ea7ff06f2459d4ddf
github	www.github.com/hashicorp/terraform-provider-aws/blob/02b039aa82dd7fc6e4a97a0922cc5dbbab724021/resource_aws_iam_user_login_profile.go
github	www.github.com/advisories/GHSA-r48h-jr2j-9g78

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 May 2022 03:29Current

7.1High risk

Vulners AI Score7.1

CVSS25

CVSS39.8

EPSS0.00437

CWE-332