{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T04:34:33.436","vulnerabilities":[{"cve":{"id":"CVE-2023-3114","sourceIdentifier":"security@hashicorp.com","published":"2023-06-22T22:15:09.197","lastModified":"2024-11-21T08:16:29.453","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the same organization that targeted an agent pool. This vulnerability, CVE-2023-3114, is fixed in Terraform Enterprise v202306-1."}],"metrics":{"cvssMetricV31":[{"source":"security@hashicorp.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}]},"weaknesses":[{"source":"security@hashicorp.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:terraform_enterprise:*:*:*:*:*:*:*:*","versionStartIncluding":"202207-1","versionEndExcluding":"202306-1","matchCriteriaId":"2FD92957-F413-4189-B026-C7CB7CF7348B"}]}]}],"references":[{"url":"https://discuss.hashicorp.com/t/hcsec-2023-18-terraform-enterprise-agent-pool-controls-allowed-unauthorized-workspaces-to-target-an-agent-pool/55329","source":"security@hashicorp.com","tags":["Vendor Advisory"]},{"url":"https://discuss.hashicorp.com/t/hcsec-2023-18-terraform-enterprise-agent-pool-controls-allowed-unauthorized-workspaces-to-target-an-agent-pool/55329","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}