Hashicorp Terraform Enterprise — known CVE vulnerabilities
Every CVE whose affected-product data names Hashicorp Terraform Enterprise, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2021-40862 — CVSS 8.8 (high): HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated…
CVE-2022-25374 — CVSS 7.5 (high): HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that…
CVE-2021-3153 — CVSS 6.5 (medium): HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization…
CVE-2020-15511 — CVSS 5.3 (medium): HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing…
CVE-2023-3114 — CVSS 5.0 (medium): Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted…