CVE-2021-3153 — Improper Authentication in Terraform Enterprise

CWE-287 — Improper Authentication CWE-863 — Incorrect Authorization CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 66.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hashicorp Terraform Enterprise

Timeline

PublishedMar 26

Latest updateJun 7

Description

HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor authentication enabled. Fixed in v202103-1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDhashicorp/terraform_enterprise202102-2

🔴Vulnerability Details

GHSA

GHSA-mq55-rphv-c5m9: HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-↗2022-05-24

▶

📋Vendor Advisories

Red Hat

ovn: service monitor MAC flow is not rate limited↗2023-06-07

▶