Vulnerabilities > Hashicorp > Terraform Enterprise
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-22 | CVE-2023-3114 | Incorrect Authorization vulnerability in Hashicorp Terraform Enterprise Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. | 7.7 |
| 2022-02-25 | CVE-2022-25374 | Information Exposure Through Log Files vulnerability in Hashicorp Terraform Enterprise HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. | 7.5 |
| 2021-09-15 | CVE-2021-40862 | Information Exposure vulnerability in Hashicorp Terraform Enterprise HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. | 8.8 |
| 2021-03-26 | CVE-2021-3153 | Improper Authentication vulnerability in Hashicorp Terraform Enterprise 2020071 HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor authentication enabled. | 6.5 |
| 2020-07-30 | CVE-2020-15511 | Unspecified vulnerability in Hashicorp Terraform Enterprise HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. | 5.3 |