Terraform Allows Arbitrary File Write During Init Operation
CVE-2023-4782

6.3MEDIUM

Key Information:

Vendor
Hashicorp
Status
Terraform
Vendor
CVE Published:
8 September 2023

Summary

Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7.

Affected Version(s)

Terraform Windows 1.0.8 < 1.5.7

References

https://discuss.hashicorp.com/t/hcsec-2023-27-terraform-a...

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.