Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Terraform Enterprise Agent Pool Controls Allowed Unauthorized Workspaces To Target an Agent Pool
Vulnerability Description
Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the same organization that targeted an agent pool. This vulnerability, CVE-2023-3114, is fixed in Terraform Enterprise v202306-1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
特权授予不正确
Vulnerability Title
HashiCorp Terraform 安全漏洞
Vulnerability Description
HashiCorp Terraform是美国HashiCorp公司的一款用于预配和管理云基础结构的开源工具。 Terraform Enterprise v202207-1之前版本存在安全漏洞,该漏洞源于未正确实施代理池的授权规则,从而导致工作区成为未经授权的代理的目标。
CVSS Information
N/A
Vulnerability Type
N/A