VYPR

Terraform API

by GitLab Inc.

CVEs (1)

  • CVE-2020-13359HigNov 19, 2020
    risk 0.49cvss 7.6epss 0.01

    The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9,>=13.4,…