cvedb.io
CVE-2023-3114
MEDIUM · CVSS 5
EPSS exploitation probability: 0%
Published 2023-06-22T22:15:09.197 · Last modified 2026-06-17T06:13:23.357

Summary

Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the same organization that targeted an agent pool. This vulnerability, CVE-2023-3114, is fixed in Terraform Enterprise v202306-1.

Affected products

hashicorp — terraform_enterprise

Does this affect you?

Add your gear to cvedb and we'll alert you only when hashicorp ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.