Hashicorp Terraform_enterprise
5 CVEs affecting Hashicorp Terraform_enterprise. Latest disclosed: 2023-06-22. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-40862 | High | 8.8 | 2021-09-15 | HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be us… |
CVE-2022-25374 | High | 7.5 | 2022-02-25 | HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensiti… |
CVE-2021-3153 | Medium | 6.5 | 2021-03-26 | HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor au… |
CVE-2020-15511 | Medium | 5.3 | 2020-07-30 | HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. F… |
CVE-2023-3114 | Medium | 5.0 | 2023-06-22 | Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agen… |