Hashicorp: >> Terraform Enterprise >> 202107-1 Security Vulnerabilities
HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. Fixed in v202202-1.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-02-25
HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixed in v202109-1.
CVSS Score
8.8
EPSS Score
0.005
Published
2021-09-15