Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixed in v202109-1.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Hashicorp Terraform 信息泄露漏洞
Vulnerability Description
Hashicorp Terraform是美国HashiCorp(Hashicorp)公司的一款用于预配和管理云基础结构的开源工具。 HashiCorp Terraform Enterprise 202108-1之前版本存在安全漏洞,该漏洞源于在 v202108-1 之前的 HashiCorp Terraform Enterprise 包含一个 API 端点,该端点错误地向经过身份验证的各方披露了敏感 URL,可用于权限提升或未经授权修改 Terraform 配置。
CVSS Information
N/A
Vulnerability Type
N/A