CVE-2019-19316

When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
hashicorpterraform
𝑥
< 0.12.17
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/hashicorp/terraform/security/advisories/GHSA-4rvg-555h-r626
https://github.com/hashicorp/terraform/security/advisories/GHSA-4rvg-555h-r626