Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:22092
HistoryDec 04, 2019 - 2:17 a.m.

Information Disclosure

2019-12-0402:17:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4

0.002 Low

EPSS

Percentile

53.8%

github.com/hashicorp/terraform is vulnerable to information disclosure. The vulnerability exists when Terraform is configured to use AzureRM blob storage, and is authenticated using a SAS that does not require HTTPS, and if the AzureRM blob storage container allows HTTP connections. The token and state snapshot is transmitted using cleartext HTTP.

0.002 Low

EPSS

Percentile

53.8%