Vulnerabilities > Hashicorp > Terraform > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-08 | CVE-2023-4782 | Path Traversal vulnerability in Hashicorp Terraform Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. | 7.8 |
| 2021-07-20 | CVE-2021-36230 | Incorrect Authorization vulnerability in Hashicorp Terraform HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requests executed using the run token, allowing privilege escalation to organization owner. | 8.8 |
| 2019-12-02 | CVE-2019-19316 | Cleartext Transmission of Sensitive Information vulnerability in Hashicorp Terraform When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP. | 7.5 |