10 matches found
Security Bulletin: Terraform state versions can be created by users with specific permissions without sufficient write access
Summary: Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or is auto-applied. This...
CVE-2025-13432
Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or auto-applied. This vulnerability,...
CVE-2025-13432 Terraform Enterprise state versions can be created by users with specific permissions without sufficient write access
Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or auto-applied. This vulnerability,...
CVE-2025-13432 Terraform Enterprise state versions can be created by users with specific permissions without sufficient write access
Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or auto-applied. This vulnerability,...
HashiCorp Terraform Enterprise Security Vulnerability
HashiCorp Terraform Enterprise is a development tool from HashiCorp USA. A security vulnerability exists in HashiCorp Terraform Enterprise that stems from insufficient privileges and could result in infrastructure changes...
CrimeOps of the KashmirBlack Botnet – Part II
Introduction: The previous blog - “CrimeOps of the KashmirBlack Botnet - Part I” - described the DevOps behind the botnet. It showed how its well-designed infrastructure makes it easy to expand and add new exploits or payloads without much effort, and explained the evolution and version deployment o...
Trend Micro at MWC: Securing Our Mobile, Connected World
Time flies pretty fast in tech. When Trend Micro was founded nearly 30 years ago, mobile phones were pretty clunky, prohibitively expensive and not in the least bit “smart.” Fast forward to today and the device in your pocket has more compute power than the NASA machines that put man on the moon...
DDoS Attacks Take Down Evernote, Feedly
UPDATED — News aggregator Feedly is still offline Thursday as it continues to battle a series of distributed denial of service attacks that’s kept the service down for two consecutive days. The site was able to get back online shortly after 3 p.m. Wednesday after it neutralized the first DDoS attack...
Oracle Linux 5 : Important: / kernel (ELSA-2008-0089)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2008-0089 advisory. 2.6.18-53.1.6.0.1.el5 - NET Add entropy support to e1000 and bnx2 John Sobecki ORA 6045759 - NET Fix msi issue with kexec/kdump Michael Chan ORA 621936...
Important: kernel security and bug fix update
2.6.18-53.1.6.0.1.el5 - NET Add entropy support to e1000 and bnx2 John Sobecki ORA 6045759 - NET Fix msi issue with kexec/kdump Michael Chan ORA 6219364 - MM Fix allocpagesnode static nid' race made kernel crash Joe Jin ORA 6187457 - splice Fix bad unlockpage in error case Jens Axboe ORA 6263574 ...