Hashicorp Terraform

5 CVEs affecting Hashicorp Terraform. Latest disclosed: 2025-11-21. Critical: 1, High: 2.

Top CVEs affecting Hashicorp Terraform
CVESeverityScorePublishedSummary
CVE-2018-9057Critical9.82018-03-27aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm an…
CVE-2021-36230High8.82021-07-20HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requests executed using the run token…
CVE-2019-19316High7.52019-12-02When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartex…
CVE-2023-4782Medium6.32023-09-08Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. This vulne…
CVE-2025-13432Medium4.32025-11-21Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the altera…