Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the same organization that targeted an agent pool. This vulnerability, CVE-2023-3114, is fixed in Terraform Enterprise v202306-1.
History

Thu, 26 Sep 2024 19:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-266

cve-icon MITRE

Status: PUBLISHED

Assigner: HashiCorp

Published: 2023-06-22T21:59:46.778Z

Updated: 2024-09-26T22:07:27.156Z

Reserved: 2023-06-06T00:43:14.939Z

Link: CVE-2023-3114

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-06-22T22:15:09.197

Modified: 2024-09-26T20:15:06.253

Link: CVE-2023-3114

cve-icon Redhat

No data.