Home > Vulnerability Database > CVE-2023-4782

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2023-4782

Good to know:

Date: September 8, 2023

Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7.

Language: Go

Severity Score

6.3

Related Resources (8)

Url: https://discuss.hashicorp.com/t/hcsec-2023-27-terraform-allows-arbitrary-file-write-during-init-operation/58082

Url: https://github.com/hashicorp/terraform/pull/33745

Url: https://github.com/hashicorp/terraform

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-4782

Url: https://github.com/advisories/GHSA-h626-pv66-hhm7

Url: https://github.com/hashicorp/terraform/releases/tag/v1.5.7

Url: https://github.com/hashicorp/terraform/commit/0f2314fb62193c4be94328cc026fcb7ec1e9b893

Url: https://www.mend.io/vulnerability-database/CVE-2023-4782

Severity Score

6.3

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version v1.5.7

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	HIGH
Availability (A):	NONE

Do you need more information?

Contact Us