Terraform Allows Arbitrary File Write During Init Operation

CVE-2023-4782

6.3MEDIUM

Key Information

Vendor: Hashicorp
Status: Terraform
Vendor: CVE Published:; 8 September 2023

Summary

Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7.

Affected Version(s)

Terraform < 1.5.7

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Risk change from: 7.8 to: 6.3 - (MEDIUM)
Sep 26, 2024
Vulnerability published.
Sep 8, 2023
Vulnerability Reserved.
Sep 5, 2023

Collectors

NVD DatabaseMitre Database

.