📦

terraform_enterprise

Vendor: hashicorp

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 5 Total Indexed

Avg. EPSS 0.28% Exploit Prob.

Latest CVE CVE-2023-3114 Jun 22

Security Vulnerability Index

Page 1 / 1

5.0 CVSS

CVE-2023-3114

Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the same organization that targeted an agent pool. This vulnerability, CVE-2023-3114, is fixed in Terraform Enterprise v202306-1.

EPSS: 0.21%

Severity: MEDIUM

Jun 22, 2023

7.5 CVSS

CVE-2022-25374

HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. Fixed in v202202-1.

EPSS: 0.32%

Severity: HIGH

Feb 25, 2022

8.8 CVSS

CVE-2021-40862

HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixed in v202109-1.

EPSS: 0.51%

Severity: HIGH

Sep 15, 2021

6.5 CVSS

CVE-2021-3153

HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor authentication enabled. Fixed in v202103-1.

EPSS: 0.14%

Severity: MEDIUM

Mar 26, 2021

5.3 CVSS

CVE-2020-15511

HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1.

EPSS: 0.24%

Severity: MEDIUM

Jul 30, 2020

Displaying 5 of 5 Total Entries

Total 1 Sections