← back
CVE-2021-40862

CVE-2021-40862

EPSS 0.9%
HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixed in v202109-1.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://discuss.hashicorp.com/t/hcsec-2021-25-terraform-enterprise-configuration-versions-api-discloses-sensitive-url/29508