Home

Description

Tapir is a private Terraform registry. Tapir versions 0.9.0 and 0.9.1 are facing a critical issue with scope-able Deploykeys where attackers can guess the key to get write access to the registry. User must upgrade to 0.9.2.

PUBLISHED Reserved 2024-12-30 | Published 2024-12-31 | Updated 2024-12-31 | Assigner GitHub_M




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-285: Improper Authorization

Product status

>= 0.9.0, < 0.9.2
affected

References

github.com/.../tapir/security/advisories/GHSA-rj9m-qf65-f5gg

github.com/...ommit/c36360b611fa0ba4f5e250fa43ecf8a294785a03

cve.org (CVE-2024-56802)

nvd.nist.gov (CVE-2024-56802)

Download JSON