Terraform Enterprise Security Vulnerabilities and Issues — Terraform Enterprise CVE List

Lucene search

HashicorpTerraform Enterprise

5 matches found

CVE•added 2022/02/25 1:15 p.m.•85 views

CVE-2022-25374

HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. Fixed in v202202-1.

7.5CVSS7.4AI score0.00322EPSS

CVE•added 2021/03/26 3:16 a.m.•70 views

CVE-2021-3153

HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor authentication enabled. Fixed in v202103-1.

6.5CVSS6.5AI score0.00138EPSS

CVE•added 2023/06/22 10:15 p.m.•41 views

CVE-2023-3114

Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the same...

7.7CVSS5.7AI score0.00158EPSS

CVE•added 2021/09/15 7:15 p.m.•36 views

CVE-2021-40862

HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixed in v202109-1.

8.8CVSS8.6AI score0.00512EPSS

CVE•added 2020/07/30 2:15 p.m.•31 views

CVE-2020-15511

HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1.

5.3CVSS5.2AI score0.00241EPSS