CNNVD-202602-562 Information
CNNVD ID
CNNVD-202602-562
Related CVE
- CNNVD Published: 2026-02-04
Description (Chinese)
Terraform / OpenTofu Provider for Proxmox VE是Pavel Boldyrev个人开发者的一个软件。 Terraform / OpenTofu Provider for Proxmox VE 0.93.1之前版本存在安全漏洞,该漏洞源于SSH配置文档中的sudoer行不安全,可能导致路径遍历和编辑任意文件。
Description (English)
Terraform / OpenTofu Project for Proxmox VE is a software for Pavel Boldyrev’s personal developer. There is a security loophole in the pre-Terraform / OpenTofu Projecter for Proxmox VE 0.93.1, which stems from the unsafe sudoer line in the SSH configuration file, which may lead to the routing and editing of any file.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2026-02-04
Last Modified
2026-02-24
References
https://github.com/bpg/terraform-provider-proxmox/commit/bd604c41a31e2a55dd6acc01b0608be3ea49c023 https://github.com/bpg/terraform-provider-proxmox/security/advisories/GHSA-gwch-7m8v-7544
Patch
https://github.com/bpg/terraform-provider-proxmox/releases
Share on: