Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Hashicorp Subscribe
Filtered by product Terraform

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-36230 1 Hashicorp 1 Terraform 2021-07-29 6.5 MEDIUM 8.8 HIGH
HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requests executed using the run token, allowing privilege escalation to organization owner. Fixed in v202107-1.
CVE-2019-19316 1 Hashicorp 1 Terraform 2021-07-21 4.3 MEDIUM 7.5 HIGH
When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.