Terraform Enterprise
Approved changes feed: RSS · Atom
cpe:2.3:a:hashicorp:terraform_enterprise:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Hashicorp (dc524c16-6a01-528e-a41c-9d3e02e5e4a3) |
|---|---|
| Product | Terraform Enterprise (e4fd3301-a809-573e-9388-772b5bff291d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-13432 |
vulnerable | 2026-06-03 14:58:46.055894 |
Terraform Enterprise state versions can be created by users with specific permissions without sufficient write access
MEDIUM (4.3)
Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or auto-applied. This vulnerability, CVE-2025-13432, is fixed in Terraform Enterprise version 1.1.1 and 1.0.3.
Published: 2025-11-21T14:20:53.921Z
Updated: 2025-11-21T15:13:18.518Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3114 |
vulnerable | 2026-06-03 14:52:39.954825 |
Terraform Enterprise Agent Pool Controls Allowed Unauthorized Workspaces To Target an Agent Pool
MEDIUM (5)
Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the same organization that targeted an agent pool. This vulnerability, CVE-2023-3114, is fixed in Terraform Enterprise v202306-1.
Published: 2023-06-22T21:59:46.778Z
Updated: 2024-12-04T21:33:25.906Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25374 |
vulnerable | 2026-06-03 14:46:37.689312 |
Details available
HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. Fixed in v202202-1.
Published: 2022-02-25T12:25:04.000Z
Updated: 2024-08-03T04:36:07.000Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-40862 |
vulnerable | 2026-06-03 14:45:24.710719 |
Details available
HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixed in v202109-1.
Published: 2021-09-15T18:03:45.000Z
Updated: 2024-08-04T02:51:07.751Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-3153 |
vulnerable | 2026-06-03 14:45:10.179876 |
Details available
HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor authentication enabled. Fixed in v202103-1.
Published: 2021-03-26T02:51:57.000Z
Updated: 2024-08-03T16:45:51.407Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-15511 |
vulnerable | 2026-06-03 14:41:45.956232 |
Details available
HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1.
Published: 2020-07-30T13:15:50.000Z
Updated: 2024-08-04T13:15:20.851Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.