CVE-2019-19316

EUVD-2021-1091
When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
hashicorpterraform
𝑥
< 0.12.17
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/hashicorp/terraform/security/advisories/GHSA-4rvg-555h-r626
https://github.com/hashicorp/terraform/security/advisories/GHSA-4rvg-555h-r626