When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.
References
Link | Resource |
---|---|
https://github.com/hashicorp/terraform/security/advisories/GHSA-4rvg-555h-r626 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-12-02T20:50:44
Updated: 2019-12-02T20:50:44
Reserved: 2019-11-26T00:00:00
Link: CVE-2019-19316
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-12-02T21:15:16.810
Modified: 2021-07-21T11:39:23.747
Link: CVE-2019-19316
JSON object: View
Redhat Information
No data.
CWE