Vulnerabilities > CVE-2020-15511 - Unspecified vulnerability in Hashicorp Terraform Enterprise

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

hashicorp

NVD

Published: 2020-07-30

Updated: 2024-11-21

Summary

HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1.

Vulnerable Configurations

Part	Description	Count
Application	Hashicorp Hashicorp Terraform Enterprise -	1

References

https://github.com/hashicorp/terraform-enterprise-release-notes/blob/master/v202007-1.md
https://github.com/hashicorp/terraform-enterprise-release-notes/blob/master/v202007-1.md
https://www.hashicorp.com/blog/category/terraform/
https://www.hashicorp.com/blog/category/terraform/