Filtered by vendor Hashicorp
Subscriptions
Filtered by product Terraform Enterprise
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3114 | 1 Hashicorp | 1 Terraform Enterprise | 2024-09-26 | 5 Medium |
| Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the same organization that targeted an agent pool. This vulnerability, CVE-2023-3114, is fixed in Terraform Enterprise v202306-1. | ||||
| CVE-2020-15511 | 1 Hashicorp | 1 Terraform Enterprise | 2024-08-04 | 5.3 Medium |
| HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1. | ||||
| CVE-2021-40862 | 1 Hashicorp | 1 Terraform Enterprise | 2024-08-04 | 8.8 High |
| HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixed in v202109-1. | ||||
| CVE-2021-3153 | 1 Hashicorp | 1 Terraform Enterprise | 2024-08-03 | 6.5 Medium |
| HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor authentication enabled. Fixed in v202103-1. | ||||
| CVE-2022-25374 | 1 Hashicorp | 1 Terraform Enterprise | 2024-08-03 | 7.5 High |
| HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. Fixed in v202202-1. | ||||
Page 1 of 1.