Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Hashicorp Subscribe
Filtered by product Terraform Enterprise
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-25374 1 Hashicorp 1 Terraform Enterprise 2022-08-10 5.0 MEDIUM 7.5 HIGH
HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. Fixed in v202202-1.
CVE-2021-40862 1 Hashicorp 1 Terraform Enterprise 2022-07-12 6.5 MEDIUM 8.8 HIGH
HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixed in v202109-1.
CVE-2021-3153 1 Hashicorp 1 Terraform Enterprise 2022-07-12 4.0 MEDIUM 6.5 MEDIUM
HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor authentication enabled. Fixed in v202103-1.
CVE-2020-15511 1 Hashicorp 1 Terraform Enterprise 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1.