Main Vulnerability Database Vulnerabilities #VU98805

#VU98805 Path traversal in Terraform - CVE-2023-4782

Published: October 18, 2024

Vulnerability identifier: #VU98805

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-4782

CWE-ID: CWE-22

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Terraform

Software vendor:
HashiCorp

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to input validation error when processing directory traversal sequences during the "init" operation if run on maliciously crafted Terraform configuration. A local user can overwrite arbitrary files on the system and escalate privileges.

Remediation

Install update from vendor's website.

External links

https://discuss.hashicorp.com/t/hcsec-2023-27-terraform-allows-arbitrary-file-write-during-init-operation/58082

#VU98805 Path traversal in Terraform - CVE-2023-4782

Description

Remediation

External links

Please verify you're human