• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

terraform_enterprise

CVE-2020-15511

February 26, 2023 by

HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1.

CVE-2021-40862

February 23, 2023 by

HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixed in v202109-1.

CVE-2021-3153

February 23, 2023 by

HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor authentication enabled. Fixed in v202103-1.

CVE-2022-25374

February 23, 2023 by godfreyd94

HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. Fixed in v202202-1.

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE