11 matches found
EUVD-2024-2350
Malicious code in bioql PyPI...
EUVD-2023-2517
Malicious code in bioql PyPI...
GO-2023-2055 Terraform allows arbitrary file write during the `init` operation in github.com/hashicorp/terraform
Terraform allows arbitrary file write during the init operation in github.com/hashicorp/terraform...
CVE-2024-6833
CVE-2024-6833 affects Zowe CLI. A local, privileged attacker can exploit an auto-init operation to cause credentials entered by a user to be written to a plaintext file, exposing sensitive information. The vulnerability is described as a credentials exposure via insecure storage in the auto-init ...
PT-2024-37892 · Zowe Cli · Zowe Cli
Name of the Vulnerable Software and Affected Versions: Zowe CLI affected versions not specified Description: A local, privileged actor can store previously entered secure credentials in a plaintext file as part of an auto-init operation. Recommendations: At the moment, there is no information abo...
Terraform allows arbitrary file write during the `init` operation
Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...
AZL-29705 CVE-2023-4782 affecting package terraform for versions less than 1.3.2-19
Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...
Code injection
Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...
CVE-2023-4782 Terraform Allows Arbitrary File Write During Init Operation
Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...
PT-2023-6893 · Hashicorp · Terraform
Name of the Vulnerable Software and Affected Versions: Terraform versions 1.0.8 through 1.5.6 Description: The issue is related to arbitrary file write during the init operation when run on maliciously crafted Terraform configuration. This is due to incorrect restriction of the directory path nam...
HashiCorp Terraform Path Traversal Vulnerability
HashiCorp Terraform is an open source tool for provisioning and managing cloud infrastructure from HashiCorp, USA. A security vulnerability exists in Terraform versions 1.0.8 through 1.5.6, which stems from allowing arbitrary files to be written during an init operation...