HashiCorp Terraform Enterprise

By the Year

In 2024 there have been 0 vulnerabilities in HashiCorp Terraform Enterprise. Last year Terraform Enterprise had 1 security vulnerability published. Right now, Terraform Enterprise is on track to have fewer security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 1 7.70
2022 1 7.50
2021 2 7.65
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Terraform Enterprise vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent HashiCorp Terraform Enterprise Security Vulnerabilities

Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools

CVE-2023-3114 7.7 - High - June 22, 2023

Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the same organization that targeted an agent pool. This vulnerability, CVE-2023-3114, is fixed in Terraform Enterprise v202306-1.

AuthZ

HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner

CVE-2022-25374 7.5 - High - February 25, 2022

HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. Fixed in v202202-1.

Insertion of Sensitive Information into Log File

HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint

CVE-2021-40862 8.8 - High - September 15, 2021

HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixed in v202109-1.

Information Disclosure

HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting

CVE-2021-3153 6.5 - Medium - March 26, 2021

HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor authentication enabled. Fixed in v202103-1.

Authentication
