High severityNVD Advisory· Published Dec 31, 2024· Updated Apr 15, 2026

CVE-2024-56802

Description

Tapir is a private Terraform registry. Tapir versions 0.9.0 and 0.9.1 are facing a critical issue with scope-able Deploykeys where attackers can guess the key to get write access to the registry. User must upgrade to 0.9.2.

Patches

98c0d5d45ded

https://github.com/pacovk/tapirvia osv

c36360b611fa

https://github.com/pacovk/tapirvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/PacoVK/tapir/commit/c36360b611fa0ba4f5e250fa43ecf8a294785a03nvd
github.com/PacoVK/tapir/security/advisories/GHSA-rj9m-qf65-f5ggnvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000