Terraform Enterprise since v202207-1 did not properly...
Unreviewed
Published
Jun 23, 2023
to the GitHub Advisory Database
•
Updated Nov 7, 2023
Description
Published by the National Vulnerability Database
Jun 22, 2023
Published to the GitHub Advisory Database
Jun 23, 2023
Last updated
Nov 7, 2023
Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the same organization that targeted an agent pool. This vulnerability, CVE-2023-3114, is fixed in Terraform Enterprise v202306-1.
References