Lucene search
Veracode Vulnerability DatabaseVERACODE:22092HistoryDec 04, 2019 - 2:17 a.m.
Information Disclosure
2019-12-0402:17:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.002 Low
EPSS
Percentile
53.8%
github.com/hashicorp/terraform is vulnerable to information disclosure. The vulnerability exists when Terraform is configured to use AzureRM blob storage, and is authenticated using a SAS that does not require HTTPS, and if the AzureRM blob storage container allows HTTP connections. The token and state snapshot is transmitted using cleartext HTTP.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/hashicorp/terraform | eq | HEAD | |
| github.com/hashicorp/terraform | le | 0.12.16 |
Related
cve
cve
CVE-2019-19316
2019-12-02 21:15:16
osv
osv
Use of a Broken or Risky Cryptographic Algorithm in Terraform
2021-05-18 18:18:50
CVE-2019-19316
2019-12-02 21:15:16
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:0320-1)
2021-06-09 00:00:00
github
github
Use of a Broken or Risky Cryptographic Algorithm in Terraform
2021-05-18 18:18:50
prion
prion
Design/Logic Flaw
2019-12-02 21:15:00
cvelist
cvelist
CVE-2019-19316
2019-12-02 20:50:44
nvd
nvd
CVE-2019-19316
2019-12-02 21:15:16
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
2023-10-25 20:24:23