Auth bypass in Hashicorp Terraform Enterprise
CVE-2023-3114
Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resour…
EPSS: 0.004 (33.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.0 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N.
Affected products
- Hashicorp Terraform Enterprise — versions v202207-1
- Hashicorp Terraform_enterprise
Weakness classification (CWE)
References
- security@hashicorp.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2023-3114?
- CVE-2023-3114 is a medium-severity vulnerability in Hashicorp Terraform Enterprise, classified under Incorrect Privilege Assignment. CVSS score: 5.0/10. Published 2023-06-22.
- How severe is CVE-2023-3114?
- Medium severity. CVSS v3 base score is 5.0 out of 10.