CVE-2023-4782

Source
https://cve.org/CVERecord?id=CVE-2023-4782
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4782.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-4782
Aliases
Downstream
Published
2023-09-08T17:04:33.242Z
Modified
2026-07-15T01:49:11.814691502Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N CVSS Calculator
Summary
Terraform Allows Arbitrary File Write During Init Operation
Details

Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7.

Database specific
{
    "cwe_ids": [
        "CWE-22"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/4xxx/CVE-2023-4782.json",
    "cna_assigner": "HashiCorp"
}
References

Affected packages

Git / github.com/hashicorp/terraform

Affected ranges

Type
GIT
Repo
https://github.com/hashicorp/terraform
Events
Database specific
{
    "cpe": "cpe:2.3:a:hashicorp:terraform:*:*:*:*:*:-:*:*",
    "extracted_events": [
        {
            "introduced": "1.0.8"
        },
        {
            "fixed": "1.5.7"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4782.json"