HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixed in v202109-1.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hashicorp terraform enterprise |