9 matches found
CVE-2026-27640
tfplan2md is software for converting Terraform plan JSON files into human-readable Markdown reports. Prior to version 1.26.1, a bug in tfplan2md affected several distinct rendering paths: AzApi resource body properties, AzureDevOps variable groups, Scriban template context variables, and...
CVE-2026-27640 tfplan2md has Sensitive Value Exposure in Generated Reports
tfplan2md is software for converting Terraform plan JSON files into human-readable Markdown reports. Prior to version 1.26.1, a bug in tfplan2md affected several distinct rendering paths: AzApi resource body properties, AzureDevOps variable groups, Scriban template context variables, and...
CVE-2026-27640
tfplan2md is software for converting Terraform plan JSON files into human-readable Markdown reports. Prior to version 1.26.1, a bug in tfplan2md affected several distinct rendering paths: AzApi resource body properties, AzureDevOps variable groups, Scriban template context variables, and...
EUVD-2026-8615
tfplan2md is software for converting Terraform plan JSON files into human-readable Markdown reports. Prior to version 1.26.1, a bug in tfplan2md affected several distinct rendering paths: AzApi resource body properties, AzureDevOps variable groups, Scriban template context variables, and...
CVE-2026-27640
CVE-2026-27640 affects tfplan2md prior to version 1.26.1. A bug in rendering paths for AzApi resource body properties, AzureDevOps variable groups, Scriban template context variables, and hierarchical sensitivity detection caused sensitive values to render as non-masked strings instead of “(sensi...
PT-2026-21856
Name of the Vulnerable Software and Affected Versions tfplan2md versions prior to 1.26.1 Description tfplan2md is software used to convert Terraform plan JSON files into Markdown reports. Versions of the software prior to 1.26.1 had a flaw where sensitive values that should have been masked as...
CVE-2022-39326 kartverket/github-workflows's run-terraform allows for RCE via terraform plan
kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...
CVE-2022-39326 kartverket/github-workflows's run-terraform allows for RCE via terraform plan
kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...
run-terraform allows for RCE via terraform plan
Impact What kind of vulnerability is it? Who is impacted? All users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected. A malicious actor could potentially send a PR with a malicious payload leading to execution of arbitrary JavaScript code in the contex...