CVE-2024-56802

Tapir is a private Terraform registry. Tapir versions 0.9.0 and 0.9.1 are facing a critical issue with scope-able Deploykeys where attackers can guess the key to get write access to the registry.  User must upgrade to 0.9.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
GitHub_MCNA
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Common Weakness Enumeration
References
https://github.com/PacoVK/tapir/commit/c36360b611fa0ba4f5e250fa43ecf8a294785a03
https://github.com/PacoVK/tapir/security/advisories/GHSA-rj9m-qf65-f5gg