Unrated severityNVD Advisory· Published Jul 20, 2021· Updated Aug 4, 2024
CVE-2021-36230
CVE-2021-36230
Description
HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requests executed using the run token, allowing privilege escalation to organization owner. Fixed in v202107-1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
20- Range: <=v202106-1
- osv-coords19 versionspkg:apk/chainguard/terraformpkg:apk/chainguard/terraform-1.10pkg:apk/chainguard/terraform-1.10-compatpkg:apk/chainguard/terraform-1.10-local-provider-configpkg:apk/chainguard/terraform-1.11pkg:apk/chainguard/terraform-1.11-compatpkg:apk/chainguard/terraform-1.11-local-provider-configpkg:apk/chainguard/terraform-1.9pkg:apk/chainguard/terraform-1.9-compatpkg:apk/chainguard/terraform-1.9-local-provider-configpkg:apk/chainguard/terraform-compatpkg:apk/chainguard/terraform-local-provider-configpkg:apk/chainguard/terragruntpkg:apk/chainguard/terragrunt-docspkg:apk/wolfi/terraformpkg:apk/wolfi/terraform-compatpkg:apk/wolfi/terraform-local-provider-configpkg:apk/wolfi/terragruntpkg:apk/wolfi/terragrunt-docs
< 1.5.7-r25+ 18 more
- (no CPE)range: < 1.5.7-r25
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.11.2-r1
- (no CPE)range: < 1.11.2-r1
- (no CPE)range: < 1.11.2-r1
- (no CPE)range: < 1.9.8-r9
- (no CPE)range: < 1.9.8-r9
- (no CPE)range: < 1.9.8-r9
- (no CPE)range: < 1.5.7-r25
- (no CPE)range: < 1.5.7-r25
- (no CPE)range: < 0.76.1-r0
- (no CPE)range: < 0.76.1-r0
- (no CPE)range: < 1.5.7-r25
- (no CPE)range: < 1.5.7-r25
- (no CPE)range: < 1.5.7-r25
- (no CPE)range: < 0.76.1-r0
- (no CPE)range: < 0.76.1-r0
Patches
Vulnerability mechanics
References
2- discuss.hashicorp.com/t/hcsec-2021-18-terraform-enterprise-allowed-privilege-escalation-via-run-token/27070mitrex_refsource_MISC
- www.hashicorp.com/blog/category/terraform/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.