CVE-2021-36230

HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requests executed using the run token, allowing privilege escalation to organization owner. Fixed in v202107-1.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:hashicorp:terraform:*:*:*:*:*:enterprise:*:*

Information

Published : 2021-07-20 14:15

Updated : 2021-07-29 12:11


NVD link : CVE-2021-36230

Mitre link : CVE-2021-36230


JSON object : View

CWE
CWE-863

Incorrect Authorization

Advertisement

dedicated server usa

Products Affected

hashicorp

  • terraform