Lucene search
K

62 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-14468

HashiCorp Terraform Enterprise contained an issue in its version control system VCS ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository content in ...

7.7CVSS0.00295EPSS
Exploits0References1
CVE
CVE
added 4 days ago11 views

CVE-2026-14468

Terraform Enterprise contains a vulnerability in its VCS ingestion of registry modules where the boundary on packaged module content was not correctly enforced. An authenticated user could include files from outside the intended repository content in a module and then download them, potentially e...

7.7CVSS6AI score0.00295EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-14468

HashiCorp Terraform Enterprise contained an issue in its version control system VCS ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository content in ...

7.7CVSS6AI score0.00295EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-14468 Path traversal allows arbitrary file read in Terraform Enterprise container

HashiCorp Terraform Enterprise contained an issue in its version control system VCS ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository content in ...

7.7CVSS0.00295EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-41946

HashiCorp Terraform Enterprise contained an issue in its version control system VCS ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository content in ...

7.7CVSS6AI score0.00295EPSS
Exploits0References1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 4 days ago6 views

Terraform Enterprise vulnerable to arbitrary file read

Summary HashiCorp Terraform Enterprise contained an issue in its version control system VCS ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository...

7.7CVSS6.1AI score0.00295EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/25 12:0 a.m.11 views

PT-2026-35172

3/4 Nation-states already weaponizing it: • Chinese APT29 Cozy Bear chaining poisoned Terraform for gov/defense persistence • Russian GRU targeting CNAPP layers in EU energy/finance 🚨 Terraform Enterprise RCE zero-day CVE-2026-81234 actively exploited & just added to CISA KEV today!...

5.2AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/01 3:19 p.m.4 views

CVE-2025-13432

Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or auto-applied. This vulnerability,...

4.3CVSS6.7AI score0.00158EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/21 8:12 p.m.6 views

Security Bulletin: Terraform state versions can be created by users with specific permissions without sufficient write access

Summary Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or is auto-applied. This...

4.3CVSS6.5AI score0.00158EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/11/21 3:31 p.m.8 views

EUVD-2025-198493

Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or auto-applied. This vulnerability,...

4.3CVSS6.2AI score0.00158EPSS
Exploits0References2
NVD
NVD
added 2025/11/21 3:15 p.m.5 views

CVE-2025-13432

Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or auto-applied. This vulnerability,...

4.3CVSS0.00158EPSS
Exploits0References1
OSV
OSV
added 2025/11/21 2:20 p.m.8 views

CVE-2025-13432 Terraform Enterprise state versions can be created by users with specific permissions without sufficient write access

Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or auto-applied. This vulnerability,...

4.3CVSS5.9AI score0.00158EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/21 2:20 p.m.13 views

CVE-2025-13432 Terraform Enterprise state versions can be created by users with specific permissions without sufficient write access

Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or auto-applied. This vulnerability,...

4.3CVSS0.00158EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/21 2:20 p.m.5 views

CVE-2025-13432 Terraform Enterprise state versions can be created by users with specific permissions without sufficient write access

Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or auto-applied. This vulnerability,...

4.3CVSS6.3AI score0.00158EPSS
Exploits0References1
CVE
CVE
added 2025/11/21 2:20 p.m.20 views

CVE-2025-13432

CVE-2025-13432 affects Terraform Enterprise: state versions can be created by a user with insufficient permissions in a workspace, potentially allowing infrastructure alterations after a plan is approved or auto-applied. Affected versions (per connected sources) include Terraform Enterprise 1.1.0...

4.3CVSS6.3AI score0.00158EPSS
Exploits0References1Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2025/11/21 2:13 p.m.8 views

Terraform Enterprise state versions can be created by users without sufficient write access

Summary Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or is auto-applied. This...

4.3CVSS6.1AI score0.00158EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/21 12:0 a.m.9 views

PT-2025-47784

Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or auto-applied. This vulnerability,...

4.3CVSS6.7AI score0.00158EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/21 12:0 a.m.8 views

HashiCorp Terraform Enterprise 安全漏洞

HashiCorp Terraform Enterprise is a development tool from HashiCorp USA. A security vulnerability exists in HashiCorp Terraform Enterprise that stems from insufficient privileges and could result in infrastructure changes...

4.3CVSS6.5AI score0.00158EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-7503

Malware in sbrugna...

5.3CVSS5.6AI score0.00852EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-22850

Malware in sbrugna...

8.8CVSS8.3AI score0.00954EPSS
Exploits0References3
Rows per page
Query Builder