CNNVD-202511-2461 Information

CNNVD ID

CNNVD-202511-2461

Related CVE

CVE-2025-13432

• CNNVD Published: 2025-11-21

Description (Chinese)

HashiCorp Terraform Enterprise是美国HashiCorp公司的一个开发工具。 HashiCorp Terraform Enterprise存在安全漏洞，该漏洞源于权限不足，可能导致基础设施变更。

Description (English)

HashiCorp Terraform Enterprise is a development tool for HashiCorp in the United States. There is a security loophole in HashiCorp Terraform Enterprise, which stems from inadequate authority and may lead to infrastructure changes.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

HashiCorp

Published

2025-11-21

Last Modified

2026-02-24

References

https://discuss.hashicorp.com/t/hcsec-2025-34-terraform-enterprise-state-versions-can-be-created-by-users-without-sufficient-write-access/76821 https://access.redhat.com/security/cve/cve-2025-13432

Patch

https://www.hashicorp.com/en/products/terraform