Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the same organization that targeted an agent pool. This vulnerability, CVE-2023-3114, is fixed in Terraform Enterprise v202306-1.
References
Configurations
History
26 Sep 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-266 |
03 Jul 2023, 19:02
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-22 22:15
Updated : 2024-09-26 20:15
NVD link : CVE-2023-3114
Mitre link : CVE-2023-3114
CVE.ORG link : CVE-2023-3114
JSON object : View
Products Affected
hashicorp
- terraform_enterprise