Terraform versions prior to 0.12.17 Use of a Broken or Risky Cryptographic Algorithm Vulnerability

Summary

Terraform versions prior to 0.12.17 suffers from use of a broken or risky cryptographic algorithm vulnerability.

Credit:

The information has been provided by Vendor

The original article can be found at:https://github.com/hashicorp/terraform/security/advisories/GHSA-4rvg-555h-r626


Details

When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.

 

Vulnerable Systems:

Terraform versions prior to 0.12.17

 

CVE Information:

CVE-2019-19316

 

Disclosure Timeline:
Published Date:12/2/2019

Categories: News