User Registration Bypass in HashiCorp Terraform Enterprise
CVE-2020-15511

5.3MEDIUM

Key Information:

Vendor: Hashicorp
Status: Terraform Enterprise
Vendor: CVE Published:; 30 July 2020

Summary

HashiCorp Terraform Enterprise versions up to v202006-1 contain a vulnerability that allows users to register on the platform even when the registration feature is disabled. This occurs due to a default signup page that does not enforce SAML authentication protocols, resulting in potential unauthorized access to the system. The issue has been addressed and resolved in version v202007-1.

References

https://www.hashicorp.com/blog/category/terraform/

x_refsource_MISC

https://github.com/hashicorp/terraform-enterprise-release...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 30, 2020
Vulnerability Reserved
Jul 2, 2020