github.com/hashicorp/terraform is vulnerable to information disclosure. The vulnerability exists when Terraform is configured to use AzureRM blob storage, and is authenticated using a SAS that does not require HTTPS, and if the AzureRM blob storage container allows HTTP connections. The token and state snapshot is transmitted using cleartext HTTP.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/hashicorp/terraform | eq | HEAD | |
github.com/hashicorp/terraform | le | 0.12.16 |