CVE-2019-19316

When using the Azure backend with a shared access signature SAS, Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP...

SUSE CVE-2011-3649

Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D aka D2D API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE:...

Use of a Broken or Risky Cryptographic Algorithm in Terraform

When using the Azure backend with a shared access signature SAS, Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP. Specific Go Packages Affected github.com/hashicorp/terraform/backend/remote-state/azure...

CVE-2019-19316

When using the Azure backend with a shared access signature SAS, Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP...

PT-2019-15807 · Hashicorp +1 · Terraform +1

Name of the Vulnerable Software and Affected Versions: Terraform versions prior to 0.12.17 Description: The issue concerns the transmission of sensitive data in cleartext HTTP when using the Azure backend with a shared access signature SAS in Terraform. This affects the...