Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the same organization that targeted an agent pool. This vulnerability, CVE-2023-3114, is fixed in Terraform Enterprise v202306-1.
Metrics
Affected Vendors & Products
References
History
Thu, 26 Sep 2024 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-266 |
MITRE
Status: PUBLISHED
Assigner: HashiCorp
Published: 2023-06-22T21:59:46.778Z
Updated: 2024-09-26T22:07:27.156Z
Reserved: 2023-06-06T00:43:14.939Z
Link: CVE-2023-3114
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-06-22T22:15:09.197
Modified: 2024-09-26T20:15:06.253
Link: CVE-2023-3114
Redhat
No data.